-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Full PHP 5.4.x compatibility #14
Comments
estimated time? |
Is the suhosin core patch also maintained in some git? Any estimates when that will be ready for 5.4.x? :) |
yeah that would be great to know :) |
It would be great to know if there ever will be any suhosin for php-5.4. Looks like last commit was in May 2012. I have a distro to release who uses suhosin. I have to decide to either keep php 5.3 with suhosin or ditch suhosin and go for php 5.4. We are not taking suhosin back once its kicked out so I would prefer keep php-5.3 suhosin and wait. |
I think it's clear that Suhosin is now dead as PHP 5.4.x has been available for a long time. Most repositories have added versions 5.4.x and removed Suhosin. |
@Rewt0r so this extension is redundant in php 5.4.9? |
@drewsymo it's not redundant (PHP 5.4.x does not contain Suhosin's functionality), it's simply unsupported (there is no such thing as a PHP5.4 + Suhosin, at least not at the time of this writing). |
PHP 5.4.9 work with Suhosin "PHP Version 5.4.9-1~dotdeb.0 Or, i'm wrong ? :-\ |
Awesome news. |
I have a fix for sessions in #26 |
@stef157 @rendhalver JFTR I think it's quite wrong from dotdeb people to use development version of suhosin in their builds. @stefanesser himself asked to not use this patch, since there's no guarantee that the patch will catch all security properties of PHP 5.4, since many internals has changed. This would only lead to warm and wrong feeling of security, but not the real protection. |
Hi, AFAIK dotdeb have removed suhosin completly from their builds of PHP 5.4. At least they don't provide it at their repository: |
@RealRancor, since @oerdnj is the .deb maintainer he probably knows that ;-) Should Suhosin come back (which I'd really hope) and should one see that it stays alive (i.e. getting constant maintenance again, also for new versions of PHP),... the Debian PHP maintainers will hopefully reconsider their decision and simply provide packages for both, with the Suhosin core patch and without, so that people can choose whether they prefer the "extra security" or performance. |
@calestyo However, the current Debian stable ship left the dock a long time ago, and we're stuck in 1750, when we had no helicopters to fly out that new thing to their ship. In other words: start focusing on keeping Suhosin in Debian unstable and testing, and hope it makes the next stable release. |
@jani It's not even likely. |
@jani Well that’s quite outdated… and the module is probably not the main problem… it’s the core patch, which the Debian PHP maintainers would need to accept again and/or build simply two version of all the core php packages, as I’d prefer it. |
@calestyo The point is that if you have something in there, and want to update it, that is somewhat easier than arguing for something that is not in there. :) And yes, PHP 5.5 is also a challenge here. There is, however, quite some time until the feature freeze for the next Debian stable (Jessie). |
@oerdnj Why? If someone does make a 5.3-equivalent viable patch, why should that not "happen" for Debian? What is your role in this? |
Could you guys please stop discussing "Debian Suhosin" in this place? Every open source developer is happy not to have to deal with broken Debian versions of his software. Anyway if you want Debian Suhosin then discuss it in a different place. |
Just as a reminder that PHP 5.4.x is not yet supported.
Current tree compiles against it, without disabling features.
However some problems with the dropped variable statistics and the session module.
The text was updated successfully, but these errors were encountered: