Ideally both php-vanilla and php-suhosin packages would be available so end users can choose for themselves. If there's not enough time to maintain two packages then vanilla PHP should go in the repos first.
And, Suhosin or no Suhosin, if you're hosting a popular PHP app then you WILL get owned at some point. With the proper mindset and preparation, the hundreds of serious PHP vulns are not that big a deal.
Copyright © 2017, Eklektix, Inc.