[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

On Thu, Feb 02, 2012 at 03:14:56PM +0100, Stefan Esser wrote:

> BTW: You should really really look into the history of PHP security and check for each of the last 8 years how many features were in Suhosin and later merged into PHP because of some nasty security problem.
> You will see that at least 2 features of Suhosin per year were merged into PHP.

If that’s the case, then you have nothing to worry about.

As more and more Suoshin features are merged into mainline PHP, Debian’s
PHP package will get more and more secure. That’s the way it happens for
many other packages, I fail to see why PHP should be treated differently.

Andrea Bolognani <eof@kiyuko.org>
Resistance is futile, you will be garbage collected.

Attachment: signature.asc
Description: Digital signature

Reply to: