LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

[Posted February 8, 2012 by jake]

From:  Stefan Esser <stefan-AT-nopiracy.de>
To:  Pierre Joye <pierre.php-AT-gmail.com>
Subject:  Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
Date:  Fri, 3 Feb 2012 10:41:04 +0100
Message-ID:  <A33C7716-F355-455E-863D-5458205C3208@nopiracy.de>
Cc:  Soenke Ruempler - Jimdo <soenke-AT-jimdo.com>, PHP internals <internals-AT-lists.php.net>
Archive-link:  Article, Thread 

Hello Pierre,

> Again, please tell me which part of Suhosin would make sense to have
> in the core? With technical explanation or details. Then we can begin
> a good discussion and maybe a RFC to get them in.

what part of "all of it and I am not going to try to convince you about this" do you not
understand?

I am not interested in pushing Suhosin into PHP mainline. Why in hell would I want that. If Suhosin
gets absorbed by PHP.net then I would have to start a new project, because there are tons of
mitigations I can think up that will be implemented at some point in time and will never make it
into PHP mainline.

With Suhosin existing I am free to implement as many security mitigations I like and do not have to
beg the PHP developers to consider adding something.

Regards,
Stefan
-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds