Re: Document the bug fix policy regarding PHP Safe Mode

To: <debian-security@lists.debian.org>, <debian-www@lists.debian.org>
Subject: Re: Document the bug fix policy regarding PHP Safe Mode
From: MJ Ray <mjr@phonecoop.coop>
Date: Wed, 20 Jul 2005 02:48:06 +0100
Message-id: <[🔎] E1Dv3gs-0005Eo-00@pipe.localnet>
In-reply-to: Your message of Wed, 13 Jul 2005 20:31:25 +0200 <[🔎] 87slyipngi.fsf@deneb.enyo.de>
References: <[🔎] 87slyipngi.fsf@deneb.enyo.de>

Florian Weimer <fw@deneb.enyo.de> wrote:
> <p>This decision is based on the on two observations: Most PHP users
> are small-scale users, not service providers.  As a result, they do
> not have to deal with the challenge of multiple users who need to
> write PHP scripts which run on the web server, but do not trust each
> other. [...]

Where does this observation come from and do we know whether it's
true for debian? I certainly know a higher proportion of multi-user
servers with PHP installed than the proportion of desktop systems
I know with PHP.

[...]
> <p>Of course, it is possible to enable Safe Mode as an additional
> layer of defense.  However, as the only layer, it is far too weak.</p>

It is possible to use this layer, but not very convenient if
debian-packaged PHP apps won't run safely in Safe Mode.

-- 
MJ Ray (slef), K. Lynn, England, email see http://mjr.towers.org.uk/

Reply to:

Follow-Ups:
- Re: Document the bug fix policy regarding PHP Safe Mode
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Document the bug fix policy regarding PHP Safe Mode
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Bug#319040: marked as done (www.debian.org: english version of News/2005/20050708 does not contain link to translation)
Next by Date: Changelog pages on debian.org
Previous by thread: Document the bug fix policy regarding PHP Safe Mode
Next by thread: Re: Document the bug fix policy regarding PHP Safe Mode
Index(es):
- Date
- Thread