Newsgroups: php.internals
From: johannes@schlueters.de (Johannes Schlüter)
To: Clint Byrum
Cc: André Rømcke, internals
Date: Tue, 27 Mar 2012 01:09:20 +0200
Subject: Re: [PHP-DEV] 5.4.0 rc6 and release

On Mon, 2012-03-26 at 12:00 -0700, Clint Byrum wrote:
>
> Our hands are tied, as the security team still does not feel
> comfortable shipping a PHP without Suhosin. Perhaps more can be done
> to convince the world that this is a safe thing to do now, but for
> now, we're taking the extremely conservative stance and shipping
> 5.3.10 with the Suhosin patch.
>
> Thanks everyone for chiming in, and especially thanks to Ondrej for
> pushing hard to get things tested and rebuilt.

Thinking loud: One could also ship both. Yes this doubles the effort but
gives users a choice :-)

johannes