Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

[Stas Malyshev <smalyshev@sugarcrm.com>]

Hi!

> I know that for many years you have not understood the idea behind
> Suhosin, the concept of exploit mitigations.

I think we have a difference of approaches here, and it is well known.
There's more or less a consensus among PHP dev that to introduce a
feature, especially with high user performance cost and other risks,
into PHP its necessity to the user needs to be proven and outweigh the
problems it causes. You seem to advocate the approach in which
performance and convenience can and should be sacrificed to security. It 
is a matter of opinion, and each one has its own validity. We probably 
would have for now to agree to disagree here.

That said, I personally would be happy to see more participation from
you - including and especially contributing and maintaining parts of
Suhosin patch that do not have high costs and user issues associated
with them and are not controversial - I think it would benefit PHP a
lot. Of course, it's your decision, but I think that would be better
both for PHP security and PHP users which have little interest in what
belongs where and why, but right now the only person who can maintain
and support any line of code in Suhosin is you, which is not always
helpful to the users.

> The most obvious one is that the code is clearly separated, so that
> not someone of the hundred PHP commiters accidently breaks a safe
> guard.

There's no "hundred PHP committers" except in theory. In practice, 
number of people regularly committing to relevant part of the core is 
probably less then 10.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227