[arch-general] [arch-dev-public] PHP: Dropping Suhosin patch and PEAR
David C. Rankin
drankinatty at suddenlinkmail.com
Fri Aug 19 18:29:11 EDT 2011
On 08/18/2011 10:17 AM, Pierre Schmitz wrote:
> On Thu, 18 Aug 2011 16:32:15 +0200, Pierre Schmitz wrote:
>> Hi all,
>>
>> The recent PHP 5.3.7 packages will be shipped without the Suhosin patch
>> and there also wont be a PEAR package.
>>
>> While I like the suhosin project I have to assume that this is stalled
>> at best. There are no new releases since PHP 5.3.4 was released. I also
>> wasn't able to contact the author to ask about the current state. Even
>> though porting the patch to new minor php releases is quite easy, I
>> don't feel comfortable about this; doing so wont also be "the Arch way".
>> If anybody knows more about the current state of Suhosin, please let me
>> know. Note: I'll keep the Suhosin extension as long as it works though.
>
> Now that is perfect timing :-)
> https://twitter.com/#!/i0n1c/status/104194056384552960
>
> I'll have a look at that then.
>
>
That is good timing, the additional security is welcomed.
The pear issue is also relatively critical. Removal of pear will break groupware
packages (egroupware, etc..) until users manually install it separately.
--
David C. Rankin, J.D.,P.E.
More information about the arch-general
mailing list