From owner-freebsd-ports@FreeBSD.ORG  Tue May 15 15:17:29 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 936C6106564A
	for <freebsd-ports@freebsd.org>; Tue, 15 May 2012 15:17:29 +0000 (UTC)
	(envelope-from scheidell@FreeBSD.org)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net
	[204.89.241.253])
	by mx1.freebsd.org (Postfix) with ESMTP id 5D85E8FC15
	for <freebsd-ports@freebsd.org>; Tue, 15 May 2012 15:17:29 +0000 (UTC)
Received: from mx1.secnap.com.ionspam.net (mx1.secnap.com.ionspam.net
	[10.70.1.253])
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTP id 3145C621C3B
	for <freebsd-ports@freebsd.org>; Tue, 15 May 2012 11:17:23 -0400 (EDT)
X-Virus-Scanned: SpammerTrap(r) VPS-1500 2.18 at mx1.secnap.com.ionspam.net
Received: from USBCTDC001.secnap.com (usbctdc001.secnap.com [10.70.1.1])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mx1.secnap.com.ionspam.net (Postfix) with ESMTPS id 779D6621C07
	for <freebsd-ports@freebsd.org>; Tue, 15 May 2012 11:17:22 -0400 (EDT)
Message-ID: <4FB2737E.8040005@FreeBSD.org>
Date: Tue, 15 May 2012 11:17:18 -0400
From: Michael Scheidell <scheidell@FreeBSD.org>
Organization: SECNAP Network Security Corp
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US;
	rv:1.9.2.20) Gecko/20110804 Thunderbird/3.1.12
MIME-Version: 1.0
To: <freebsd-ports@freebsd.org>
References: <CAERaTk--Qb4ez2qYOjk51qws_2G0jcj4qZLGdeY-nZV1C3jjHA@mail.gmail.com>	<201203112026.30630.subbsd@gmail.com>
	<4F5DB7C7.6090308@FreeBSD.org>	<CAERaTk_F=VWCPqwbac_Oww+6iWX0wCgn6NSVXKwJntRaWGYKsQ@mail.gmail.com>	<4F8FBE09.5070101@FreeBSD.org>	<CAERaTk_7zo2D9eiw8eusGDPa+cfsupywja9P088b8frM-+8oBA@mail.gmail.com>	<1337085591.10656.24.camel@ompc.insign>
	<CAERaTk-vWWjf_L0y-Vq3CeAuoF2VTBYJR0E0FOCB3ZTHgv4BYQ@mail.gmail.com>
In-Reply-To: <CAERaTk-vWWjf_L0y-Vq3CeAuoF2VTBYJR0E0FOCB3ZTHgv4BYQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: PHP 5.4.0 : lang/php54
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 15:17:29 -0000



On 5/15/12 11:05 AM, Svyatoslav Lempert wrote:
> So I think we need release a new version without suhosin patch and
> check the compatibility of all ports that depend on it (before), and
> then when suhosin will appear (if there), then simply add it to the
> port.
>
-1
susosin patch is not a 'compatibility' issue.  it is a security issue.
I would consider recommending a lang/php54 port, for people who 
absolutely need it.  include the 'WITH_SUHOSIN_PATCH' knob and mark it 
'IGNORE' so that anyone who expects the stsndard, default, upward 
compatible security will be warned against installing this port.

leave php5.3 the default lang/php5 for now.  wait till suhosin patch is 
released.  use lang/php54 for anyone who absolutely must play with 5.4
(I am still going through pains replacing apache 13 and php5.2 with 
nginx and php53).  don't think I want to /_by default_/ open up a 
security hole.


-- 
Michael Scheidell, CTO
 >*| * SECNAP Network Security Corporation
d: +1.561.948.2259
w: http://people.freebsd.org/~scheidell