From owner-freebsd-ports@FreeBSD.ORG Tue May 15 15:17:29 2012 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 936C6106564A for ; Tue, 15 May 2012 15:17:29 +0000 (UTC) (envelope-from scheidell@FreeBSD.org) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [204.89.241.253]) by mx1.freebsd.org (Postfix) with ESMTP id 5D85E8FC15 for ; Tue, 15 May 2012 15:17:29 +0000 (UTC) Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net [10.70.1.253]) by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 3145C621C3B for ; Tue, 15 May 2012 11:17:23 -0400 (EDT) X-Virus-Scanned: SpammerTrap(r) VPS-1500 2.18 at mx1.secnap.com.ionspam.net Received: from USBCTDC001.secnap.com (usbctdc001.secnap.com [10.70.1.1]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.secnap.com.ionspam.net (Postfix) with ESMTPS id 779D6621C07 for ; Tue, 15 May 2012 11:17:22 -0400 (EDT) Message-ID: <4FB2737E.8040005@FreeBSD.org> Date: Tue, 15 May 2012 11:17:18 -0400 From: Michael Scheidell Organization: SECNAP Network Security Corp User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.20) Gecko/20110804 Thunderbird/3.1.12 MIME-Version: 1.0 To: References: <201203112026.30630.subbsd@gmail.com> <4F5DB7C7.6090308@FreeBSD.org> <4F8FBE09.5070101@FreeBSD.org> <1337085591.10656.24.camel@ompc.insign> In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: PHP 5.4.0 : lang/php54 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2012 15:17:29 -0000 On 5/15/12 11:05 AM, Svyatoslav Lempert wrote: > So I think we need release a new version without suhosin patch and > check the compatibility of all ports that depend on it (before), and > then when suhosin will appear (if there), then simply add it to the > port. > -1 susosin patch is not a 'compatibility' issue. it is a security issue. I would consider recommending a lang/php54 port, for people who absolutely need it. include the 'WITH_SUHOSIN_PATCH' knob and mark it 'IGNORE' so that anyone who expects the stsndard, default, upward compatible security will be warned against installing this port. leave php5.3 the default lang/php5 for now. wait till suhosin patch is released. use lang/php54 for anyone who absolutely must play with 5.4 (I am still going through pains replacing apache 13 and php5.2 with nginx and php53). don't think I want to /_by default_/ open up a security hole. -- Michael Scheidell, CTO >*| * SECNAP Network Security Corporation d: +1.561.948.2259 w: http://people.freebsd.org/~scheidell