Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
- To: Stefan Esser <stefan@nopiracy.de>
- Cc: Pierre Joye <pierre.php@gmail.com>, Ondřej Surý <ondrej@sury.org>, 657698 <657698@bugs.debian.org>, Christoph Anton Mitterer <calestyo@scientia.net>, Douglas Calvert <dfc@douglasfcalvert.net>, Jesse Molina <jesse@opendreams.net>, Carlos Alberto Lopez Perez <clopez@igalia.com>, PHP internals <internals@lists.php.net>, Debian Developers <debian-devel@lists.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
- Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
- From: Ángel González <keisial@gmail.com>
- Date: Thu, 02 Feb 2012 19:35:03 +0100
- Message-id: <[🔎] 4F2AD757.3070406@gmail.com>
- In-reply-to: <[🔎] 46104CB6-A868-41C3-B8E1-F1E0AC06BCAB@nopiracy.de>
- References: <[🔎] CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <[🔎] 5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <[🔎] CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com> <[🔎] 46104CB6-A868-41C3-B8E1-F1E0AC06BCAB@nopiracy.de>
Stefan Esser wrote:
> And there are many many good reasons, why Suhosin must be external to PHP.
> The most obvious one is that the code is clearly separated, so that not someone of the hundred PHP commiters accidently breaks a safe guard.
That's not a justification to keep it as a patch.
Safe guards could prefectly be skipped by a commit which changed near
code, reestructures the function or creates a different path, *even if
the patch still applies*.
So you would still need to check for all kind of unexpected changes anyway.
If it were in core, at least anyone changing the related code would
realise that it's there, and could take that into account for not
breaking it. If it's maintained by someone else as a patch, that simply
won't happen.
Reply to: