>> Anyways ... actuall it looks like the whole suhosin project is some kind of >> abandoned. We got not response to mailing the upstream maintainer, the >> forum[1] is broken and no new releases since ages, but a security problem >> is open since long time, see #631283 [2]. >> >> The question which comes to my mind is: "Do we want to ship weezy with >> software under such bad conditions?" >> >> [1] http://forum.hardened-php.net/ >> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631283 > > any statement from your point of view about release state of suhosin. We > (maintainers of php-suhosin) think php-suhosin is definetly not in shape to be > released at the moment. How do you see this for the patch you are carring in > php5?
It doesn't seem to be that abandoned to me: http://www.hardened-php.net/suhosin/download.html (new release for 5.3.9) https://github.com/stefanesser/suhosin But yeah there was only recent activity on the github. Anyway the suhosin *patch* is probably not that aggressive as the module. O. -- Ondřej Surý <ond...@sury.org> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
