Re: [php-maint] Status of suhosin in Debian
+1 from /me on not releasing suhosin in wheezy...
Ondřej Surý
On 11. 6. 2012, at 22:22, Alexander Wirt <formorer@formorer.de> wrote:
> Hi,
>
> we as the former (and again) maintainers of suhosin are a little bit worried
> about the current state of suhosin in Debian.
>
> A short introduction about suhosin. Suhosin is a security extension for php
> which contains of two parts: a patch for php and an extension. Suhosin
> extends php with several security features and was (and probably is) very
> important for several users. Unfortunately development slowed down a lot in
> the past and its author is known to have some problems with the php
> community. Therefore the php maintainers decided to drop the patch from the
> 5.3 packaging a few months ago (there were also some bugs and slowdowns with
> the patch) [1]. Arch Linux did the same [2]
>
> With php 5.4 thing are even more worse, there is no up2date patch and/or
> module. There is some preliminary version on github which is far from being
> released. Unfortunately there there was an uncoordinated upload in response to
> our request for adoption, the uploads introduced a bunch of new bugs and we
> decided to revert the uncoordinated adoption (and invited the upload to our
> team).
>
> After talking again we think we should release wheezy without suhosin and
> maybe reintroduce it in wheezy+1. In the meanwhile we would recommend to
> remove suhosin from testing (already done) and unstable and upload the
> package to unstable. Releaseteam what do you think?
>
> I added the php team on Cc to collect more opinions.
>
> Alex
>
> [1] <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com>
> [2] https://pierre-schmitz.com/php-5-4-1-in-suhosin-out/
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
Reply to: