Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
- To: Stas Malyshev <smalyshev@sugarcrm.com>
- Cc: Stefan Esser <stefan@nopiracy.de>, Pierre Joye <pierre.php@gmail.com>, 657698 <657698@bugs.debian.org>, Christoph Anton Mitterer <calestyo@scientia.net>, Douglas Calvert <dfc@douglasfcalvert.net>, Jesse Molina <jesse@opendreams.net>, Carlos Alberto Lopez Perez <clopez@igalia.com>, PHP internals <internals@lists.php.net>, Debian Developers <debian-devel@lists.debian.org>, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
- Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
- From: Thomas Goirand <zigo@debian.org>
- Date: Fri, 03 Feb 2012 04:11:36 +0800
- Message-id: <[🔎] 4F2AEDF8.2010203@debian.org>
- In-reply-to: <[🔎] 4F2ACEEB.4080202@sugarcrm.com>
- References: <[🔎] CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <[🔎] 5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <[🔎] CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com> <[🔎] 46104CB6-A868-41C3-B8E1-F1E0AC06BCAB@nopiracy.de> <[🔎] 4F2ACEEB.4080202@sugarcrm.com>
On 02/03/2012 01:59 AM, Stas Malyshev wrote:
> You seem to advocate the approach in which
> performance and convenience can and should be sacrificed to security.
> It is a matter of opinion
Something I don't get here. If there's this issue, and
different tastes, why can't a build flag be used, so
that you can choose security or speed depending on your
needs? If you do some:
#ifdef ENABLE_SLOWER_SUHOSIN_SECURITY
in the controversial parts, then I don't see how this
would be of trouble for anyone to have Suhosin included
in upstream PHP.
Cheers,
Thomas Goirand (zigo)
Reply to: