#20681: php-5.3.0 introduce variant 'suhosin' which adds the suhosin _patch_ ---------------------------------------+------------------------------------ Reporter: Markus.Ueberall@… | Owner: ryandesign@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 1.7.1 Keywords: | Port: php5 ---------------------------------------+------------------------------------ Comment(by Markus.Ueberall@…): Replying to [comment:2 ryandesign@…]:
Can anyone explain why they are (for some time now, as I understand it) distributed separately from PHP by separate people, and not part of the PHP core source code?
The only reason I found (which is cited, e.g., in a recent short article in the german magazine "c't" that deals with PHP security) is that-- according to the Stefan Esser (the author of Suhoshin)--the combination of patch and extension can slow down PHP scripts by as much as 10 percent in extreme cases (the patch being the 'computationally more expensive' part). However, I didn't see a single thread discussing the patch's adaption upstream, which I find a bit surprising (then, maybe I looked at the wrong places)... That said, quite a number of Linux distributions (including Ubuntu, Debian, OpenSuse, Mandriva) nowadays include the patch by default. -- Ticket URL: <http://trac.macports.org/ticket/20681#comment:3> MacPorts <http://www.macports.org/> Ports system for Mac OS