On Wed, August 22, 2007 3:31 pm, mike wrote:
>> I think a good FAQ entry would be how this patch fits in with Suhosin
>> and what are the comparable/conflicting concepts, are they compatible
>> with each other etc.
>>
>> http://www.hardened-php.net/suhosin/a_feature_list.html
>>
>> Both systems are liable to appeal to the same sort of people so it
>> makes sense to cover this.
>
> What I do not understand is why don't these patches get put instantly
> back into the core PHP distribution? So patches against 5.2.3 perhaps
> would be in 5.2.4, etc?
>
> IMHO there shouldn't be a hardened PHP project. Their patches should
> be put in whenever possible, perhaps during an RCx before a gold build
> or something. Any loss of functionality due to them should be a
> configuration option to turn on/off but otherwise everyone would
> benefit from security, memory leak, and other patches...

You'd really have to take that up with Stefan Esser and the Core PHP
Dev Team...

They had differences of opinion about where to draw the line in the
sand on some PHP Security issues which led to Stefan starting Suhosin
and eventually withdrawing from the team.

Stefan still contributes many security patches/suggestions, and many
of those are put into the stock PHP distribution.

Apologies in advance to all involved in my gross over-simplification
and probably mis-representation of "history". :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
