On 02/02/2012 05:13 AM, Carlos Alberto Lopez Perez wrote: > Hello, > > I have just noticed this today when upgrading... > > I am really sad to see this feature removed from Debian. > > > After reading this bug report I understand that: > > * Suhosin patch was removed because lack of man-power to maintain it > * The main problem maintaining Suhosin were related to bugs from users > complaining about broken php applications. > > > So, if suhosin was creating problems for some users.... why not simply > ship the configuration of php.ini with "suhosin.simulation = On" by default? > > > http://myeasylinux.wordpress.com/2010/10/25/disable-suhosin/ > > > This would effectively disable suhosin patch (so no more users would > complain about suhosin breaking their applications) meanwhile this still > would allow the rest of users that are worried about security to enable > suhosin by just changing one line in the configuration. > > Or I am missing something?
Yeah! Working very hard on maintaining the suhosin patch, and then disabling it by default, don't you think that's a waste of time? Yet, this doesn't solve the main issue: man power, and will to maintain it in Debian. Would you like to work on it? Cheers, Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
