On Saturday 17 January 2009 19:16, Raphael Geissert wrote: > Please don't suggest that,
I don't see harm in merely suggesting things...? > lenny is almost out and we haven't even be > able to get the other, actually important, issues sorted out. It's > already late for those changes IMO. I disagree. Code changes are of higher risk than changing the default of a setting. It's very well defined what the effect of changing the setting is, and we know for sure that it does not affect existing setups, contrary to code changes. Furthermore there has been lots of testing with this item Off, as it has been in the code for years and we're aware of many setups running Debian's PHP with that. I therefore think it's not right to see this in the same light as code patches, rather, it's an easy switch to make. Why I think we *should* do it before lenny: - Well documented as being a bad function that destroys your input variables and gives a false sense of security; - Already deprecated upstream. As this change will only affect new installations, I belive it is good to not get new setups started in an environment we know is going away soon. - Changing it will not affect current installations. - If you need it, you can of course turn it on. cheers, Thijs
pgpQ3xDlVgqCd.pgp
Description: PGP signature
