I asked on the mailing lists after a quick search in http://bugs.debian.org/ failed to yield results. Now I made more determined search and found the following: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657698
Accoding to it, there are problems with the Suhosin patch and human resources needed to deal with the problems are missing. It is a case of you are doomed if you do, and you are doomed if you don't. At least people need to be aware of this. On Sun, 2012-02-26 at 08:53 +1100, Amos Shapira wrote: > I suspect that digging Debian's usurious tracking site would give you > more definitive answers than speculations on a general mailing lists. > > On Feb 26, 2012 8:42 AM, "Omer Zak" <w...@zak.co.il> wrote: > Today, when I upgraded my old PC, which is running Debian > Testing > (currently Debian Wheezy), I was informed of the following: > > php5 (5.3.9-4) unstable; urgency=low > > * The Suhosin patch is now disabled in the default build. > > If you want to re-enable it again for your installation, you > can > set the option PHP5_SUHOSIN=yes in debian/rules and recompile > PHP. > > -- Ondřej Surý <ond...@debian.org> Sat, 28 Jan 2012 08:39:36 > +0100 > > Does anyone know why did the packers decide to reverse the > previous > policy of installing PHP5 with the Suhosin patch by default? > > As far as I know, it would be rather inconvenient for a busy > sysadmin to > re-enable the Suhosin patch in PHP5 and rebuild it. Also, > what'll > happen if a newer version is released for the package > (especially due to > newly discovered security vulnerabilities)? -- PHP - the language of the Vogons. My own blog is at http://www.zak.co.il/tddpirate/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
