Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
- To: Stefan Esser <email@example.com>
- Cc: Pierre Joye <firstname.lastname@example.org>, Ondřej Surý <email@example.com>, 657698 <firstname.lastname@example.org>, Christoph Anton Mitterer <email@example.com>, Douglas Calvert <firstname.lastname@example.org>, Jesse Molina <email@example.com>, Carlos Alberto Lopez Perez <firstname.lastname@example.org>, PHP internals <email@example.com>, Debian Developers <firstname.lastname@example.org>, Debian PHP Maintainers <email@example.com>
- Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
- From: Stas Malyshev <firstname.lastname@example.org>
- Date: Thu, 02 Feb 2012 09:59:07 -0800
- Message-id: <4F2ACEEB.email@example.com>
- In-reply-to: <46104CB6-A868-41C3-B8E1-F1E0AC06BCAB@nopiracy.de>
- References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com> <46104CB6-A868-41C3-B8E1-F1E0AC06BCAB@nopiracy.de>
I know that for many years you have not understood the idea behind
Suhosin, the concept of exploit mitigations.
I think we have a difference of approaches here, and it is well known.
There's more or less a consensus among PHP dev that to introduce a
feature, especially with high user performance cost and other risks,
into PHP its necessity to the user needs to be proven and outweigh the
problems it causes. You seem to advocate the approach in which
performance and convenience can and should be sacrificed to security. It
is a matter of opinion, and each one has its own validity. We probably
would have for now to agree to disagree here.
That said, I personally would be happy to see more participation from
you - including and especially contributing and maintaining parts of
Suhosin patch that do not have high costs and user issues associated
with them and are not controversial - I think it would benefit PHP a
lot. Of course, it's your decision, but I think that would be better
both for PHP security and PHP users which have little interest in what
belongs where and why, but right now the only person who can maintain
and support any line of code in Suhosin is you, which is not always
helpful to the users.
The most obvious one is that the code is clearly separated, so that
not someone of the hundred PHP commiters accidently breaks a safe
There's no "hundred PHP committers" except in theory. In practice,
number of people regularly committing to relevant part of the core is
probably less then 10.
Stanislav Malyshev, Software Architect
(408)454-6900 ext. 227