Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-26 Thread Amos Shapira
I'm not on top of PHP ecosystem, but this article makes Suhosin for PHP sound like what anti viruses are for windows - just fix the bloody core instead of patching around its sub-par code quality. On Feb 26, 2012 7:25 PM, "Omer Zak" wrote: > Very interesting and depressing article. > The general

Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-26 Thread Omer Zak
Very interesting and depressing article. The general problem is one of securing large software packages. On one hand, there are optional security patches for the Linux kernel. Some of them retain their independence for a while. Others get merged into the stock kernel. On the other hand, I don't

Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-25 Thread Baruch Siach
Hi Omer, On Sat, Feb 25, 2012 at 11:21:38PM +0200, Omer Zak wrote: > Today, when I upgraded my old PC, which is running Debian Testing > (currently Debian Wheezy), I was informed of the following: > > php5 (5.3.9-4) unstable; urgency=low > > * The Suhosin patch is now disabled in the default b

Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-25 Thread Lior Kaplan
Well, as a new member on the Debian PHP team I could say that maintaining the patch took a lot of time. Each reported PHP problem was needed to understand whether it's because of the patch or not. Also, the upstream for the patch isn't very nice/cooperative so we decided to skip it. Another issue

Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-25 Thread Omer Zak
I asked on the mailing lists after a quick search in http://bugs.debian.org/ failed to yield results. Now I made more determined search and found the following: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657698 Accoding to it, there are problems with the Suhosin patch and human resources nee

Re: Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-25 Thread Amos Shapira
I suspect that digging Debian's usurious tracking site would give you more definitive answers than speculations on a general mailing lists. On Feb 26, 2012 8:42 AM, "Omer Zak" wrote: > Today, when I upgraded my old PC, which is running Debian Testing > (currently Debian Wheezy), I was informed of

Disabling the Suhosin patch by default in Debian Wheezy (Debian Testing)

2012-02-25 Thread Omer Zak
Today, when I upgraded my old PC, which is running Debian Testing (currently Debian Wheezy), I was informed of the following: php5 (5.3.9-4) unstable; urgency=low * The Suhosin patch is now disabled in the default build. If you want to re-enable it again for your installation, you can set