hey guys, just ftr,
On Tuesday 22 May 2007 10:41, Ondřej Surý wrote:
> > so I'm not that enthousiastic. But I'll do some more research and
> > experimenting with this patch and a set of PHP applications, and see
> > whether it's something to worry about or not.
>
> I suggest you read the patch :-).
i've have actually heard of different breakages caused by the suhosin patch,
but it seems that in such cases it's usually a matter of tweaking some
variables here and there to increase certain limits, etc. also, there's a
master toggle switch which turns errors into warnings.
so, we could hypothetically ship with it turned off first to see how it's
recieved, and then assuming we're still early enough in the release cycle we
could turn it on and ship lenny with an active, suhosin-patched php.
sean
pgp5ADoOjFJ1u.pgp
Description: PGP signature
