[Bug 948156] Re: Include PHP 5.4 to Ubuntu 12.04 release
Clint Byrum
clint at fewbar.com
Tue Mar 20 16:32:29 UTC 2012
Leaving Suhosin would be potentially leaving our users vulnerable, and
adding pressure to the security team when new problems are found. The
trade off is of course that in 2 years, when upstream PHP drops 5.3,
we'll still be backporting security fixes to 12.04's 5.3.10.
The timing of 5.4.0 has been most unfortunate. Had it landed in January,
perhaps Suhosin would have been updated in time.
At this point, its not looking good, unless a compelling argument for
dropping Suhosin is made, or Suhosin releases in the next couple of
days. In discussing with the security team, there's a strong desire to
ship PHP 5.4.0+Suhosin, but quite a bit of hesitation in shipping 5.4.0
without it.
Anyway, Once beta2 freezes later this week, I think its over.
Thus far, I think I'd rather have a well known stabilized PHP 5.3 with
Suhosin than 5.4.0 without Suhosin.
I appreciate the effort everyone has been putting into this, and I still
have hope, but time is quite short now.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/948156
Title:
Include PHP 5.4 to Ubuntu 12.04 release
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/948156/+subscriptions
More information about the Ubuntu-server-bugs
mailing list