Speaking as Debian Maintainer of the source package php-suhosin, I think you didn't understand, what the package "php5-suhosin" stands for. If you did have a look into the Upstream homepage[1], you can read the following in the beginning of the page:
"Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections." So we are talking about 2 different things .... php5-suhosin isn't the equvalent to php5 with the suhosin patch, it is the package which ships the suhosin (modul-) extension for PHP. php5 is default patched with the suhosin patch by the Debian PHP Maintainers, but this shouldn't harm you, cause it just provides logging functions, see [2]. If you what to get rid of the suhosin stuff you have serveral options. Removing php5-suhosin is the most radical option. But you can also force suhosin into simulation mode[3], which can be set global in PHP or local (for example in vhost). Thanks for your attention, Jan. [1] http://www.hardened-php.net/suhosin/ [2] http://www.hardened-php.net/suhosin/configuration.html [3] http://www.hardened-php.net/suhosin/faq.html#will_my_application_break_because_suhosin_is_too_restrictive -- Unable to remove Suhosin patch https://bugs.launchpad.net/bugs/315507 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
