Bug#657698: [php-maint] Bug#657698: Meetoo, make suhosin patch on php5 enabled by default or make it as easy as possible to install

2012-01-31 Thread Ondřej Surý
Please everybody don't *meetoo*. This is not a popularity contest. There were people meetooing for removal when suhosin was added, let's not do it over again but in a different direction. O. On Tue, Jan 31, 2012 at 12:30, Jesse Molina wrote: > > Just doing a meetoo here and saying that the removal

Bug#657698: [php-maint] Bug#657698:

2012-01-30 Thread Thomas Goirand
On 01/31/2012 06:02 AM, Stefan Esser wrote: > I can understand that you as a Debian user are sad about > the fact that Debian's PHP maintainers decided that > security is not important. > However from my point of view it is actually better if > Debian does not ship Suhosin by default. That might st

Bug#657698: [php-maint] Bug#657698:

2012-01-30 Thread Christoph Anton Mitterer
On Tue, 2012-01-31 at 04:50 +0800, Thomas Goirand wrote: > Do you have some skills > that you could lend for this work? Well as said, I'm really no PHP expert and basically just forced to use it ;) ... > If you didn't get in touch with upstream and not pushing for this to > happen, yes you are dr

Bug#657698: [php-maint] Bug#657698:

2012-01-30 Thread Christoph Anton Mitterer
On Mon, 2012-01-30 at 23:02 +0100, Stefan Esser wrote: > Yeah it is really amusing that Debian's PHP maintainers spend > hours/days on writing emails about dropping Suhosin and voting on it. > Then spend more time on patching their build scripts to no longer ship > Suhosin by default. Then spend ev

Bug#657698: [php-maint] Bug#657698:

2012-01-30 Thread Stefan Esser
Hello Christoph, > Unfortunately Debian's php maintainers had to drop the suhosin core > patches (for now), as far as I understand mainly because of lack of > man-power. Yeah it is really amusing that Debian's PHP maintainers spend hours/days on writing emails about dropping Suhosin and voting o

Bug#657698: [php-maint] Bug#657698:

2012-01-29 Thread Christoph Anton Mitterer
Hi Stefan. Unfortunately Debian's php maintainers had to drop the suhosin core patches (for now), as far as I understand mainly because of lack of man-power. I've opened a bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657698 where I asked (or begged ;) ) them to add it back or (even bette

Bug#657698: [php-maint] Bug#657698:

2012-01-29 Thread Christoph Anton Mitterer
On Sun, 2012-01-29 at 22:56 +0100, Ondřej Surý wrote: > > Were there any troubles in applying the suhosin core patch to PHP? > It still applies cleanly. So the effort it made you was in tracing bugs in software that didn't work with suhosin? Isn't this rather the business of upstream of those packa

Bug#657698: [php-maint] Bug#657698:

2012-01-29 Thread Ondřej Surý
On Sun, Jan 29, 2012 at 22:36, Christoph Anton Mitterer wrote: > Were there any troubles in applying the suhosin core patch to PHP? It still applies cleanly. > So is it "just" a matter of making the php5 source package produce binaries > for both -with-suhosin and no-suhosin? That's exactly wha

Bug#657698: [php-maint] Bug#657698:

2012-01-29 Thread Christoph Anton Mitterer
Hi. I cannot read those threads right now, as alioth is down... but anyway... On Sun, 2012-01-29 at 09:47 +0100, Ondřej Surý wrote: > The PHP team is undermanned for a very long time Well I don't wanna tell you how to do your job ;-) ... but wouldn't it then be better to rather drop some oth

Bug#657698: [php-maint] Bug#657698:

2012-01-29 Thread Ondřej Surý
Hi, there was a short discussion on the mailing list. It was started by Jan Wagner (maintainer of php5-suhosin module) here: http://lists.alioth.debian.org/pipermail/pkg-php-maint/2012-January/009642.html I then asked on the mailing list about other opinions: http://lists.alioth.debian.org/pipe