Package: php5 Version: 5.3.9-3 Severity: wishlist
Hi. Having the suhosin patch enabled per default used to be a very good thing and probably greatly increased security of PHP installations. In this versions, it seems you've disabled the patch. I don't know the reasons but I'm very sad about it. Even though you've added that PHP5_SUHOSIN=no/yes option to the rules file it would mean some effort for people to reactivate this (manually making packages and so on). Could you: a) Just re-enable it per default (for security reasons); if some people have problems with it, they should rather try to fix this upstream... or such people could manually build their packages and disable suhosin in it. b) Provide packages for both, which conflict each other, and provide the same names. One could have e.g. php5, php5-cgi, php5-cli, etc. => suhosin enabled php5-nosuhosin, php5-cgi-nosuhosin, php5-cli-nosuhosin, etc. => suhosin disabled That way, per default packages with suhosin enabled (which should be the sane default) would get installed, but people have still the possibility to take the other packages if they like; without any manual compilations. Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
