Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

2012-02-02 Thread Pierre Joye
Hi Stefan, On Thu, Feb 2, 2012 at 2:31 PM, Stefan Esser wrote: > Hello Ondřej, > >> My personal feeling is that most people see suhosin as "this is about >> security, thus it must be good". This combined with bad PHP security >> history makes everybody feel insecure when suhosin was removed, but

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

2012-02-02 Thread Pierre Joye
hi Stefan, On Thu, Feb 2, 2012 at 3:14 PM, Stefan Esser wrote: > Hello Pierre, > >> About the current flaw affecting 5.3/4, PHP and suhosin had bugs, and >> will have bugs. This is not really hot news. That does not affect this >> discussion. > > I know that for many years you have not understood