Results 1 to 7 of 7

Thread: Removing Suhosin php patch by default request

  1. #1
    Join Date
    Feb 2006
    Beans
    22

    Removing Suhosin php patch by default request

    I would like to know how to request to the server team how to remove the Suhosin patch from the default php installation.

    Or at least let people apt-get remove it if they want.

    Where do I submit this?

    I would also like to understand the reasoning behind it, especially as Suhosin hasn't been updated for 2 years and it is effecting perfectly secure applications.

    Having to recompile debs to do this is mental. I thought that is what package management is meant to avoid.

    See this thread:

    http://ubuntuforums.org/showthread.php?t=698306

    And this blog
    http://ambitonline.com/nextrelease/a...e-Suhosin.html

  2. #2
    Join Date
    Feb 2006
    Beans
    22

    Re: Removing Suhosin php patch by default request

    I have filled a bug report on this.

    Dunno if that was the right place!

    https://bugs.launchpad.net/ubuntu/+s...p5/+bug/315507
    Last edited by johnwards; January 12th, 2009 at 09:34 AM.

  3. #3
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: Removing Suhosin php patch by default request

    Quote Originally Posted by johnwards View Post
    I have filled a bug report on this.

    Dunno if that was the right place!
    How about posting a link to that bug report?

  4. #4
    Join Date
    Feb 2008
    Location
    USA
    Beans
    189
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Removing Suhosin php patch by default request

    Quote Originally Posted by johnwards View Post
    I have filled a bug report on this.

    Dunno if that was the right place!

    Thank you for this. IF the developers really think Suhosin patch is necessary, that's all fine and good, but at the very least there needs to be an option for those of us who know what it is and have a reason NOT to use it to opt out.

    And yes, I could compile php on my own. I could also not use ubuntu at all. As stated before, use of the packages and configurability through that method is WHY some us use ubuntu for our servers, and it would be nice if this particular choice wasn't forced on us.

    Anyway, +1 on the bug link. If you could post it here, I could put my 2 cents in.

  5. #5
    Join Date
    Feb 2006
    Beans
    22

    Re: Removing Suhosin php patch by default request

    I'm on my phone at the mo so copy and paste is hard.

    I've linked to the bug report in a comment i have left in the blog post linked to in the original thread.

    If someone could kindly put the link up that would be great. If not i'll do it on monday.

  6. #6
    Join Date
    Feb 2006
    Beans
    22

    Re: Removing Suhosin php patch by default request


  7. #7
    Join Date
    Feb 2008
    Beans
    35

    Re: Removing Suhosin php patch by default request

    I've hit the same wall - having lot's of issues with Suhosin, can't remove it, can't betray Ubuntu by changing it to some other distros like CentOS. Deadend

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •