Re: Document the bug fix policy regarding PHP Safe Mode
Florian Weimer <firstname.lastname@example.org> wrote:
> <p>This decision is based on the on two observations: Most PHP users
> are small-scale users, not service providers. As a result, they do
> not have to deal with the challenge of multiple users who need to
> write PHP scripts which run on the web server, but do not trust each
> other. [...]
Where does this observation come from and do we know whether it's
true for debian? I certainly know a higher proportion of multi-user
servers with PHP installed than the proportion of desktop systems
I know with PHP.
> <p>Of course, it is possible to enable Safe Mode as an additional
> layer of defense. However, as the only layer, it is far too weak.</p>
It is possible to use this layer, but not very convenient if
debian-packaged PHP apps won't run safely in Safe Mode.
MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/