Christian Sager - 2012-02-06 20:54:16
I would like to see suhosin optional by php.ini option. In this way a web master can evaluate the risk and benefits.
I strongly encourage the core php team to give more attention to security issues, especially addressing long known problems.
Clearly adding security fixes is dicey, as the current example shows. To me the strategy should be to provide security improvements as option if a measure cannot be agreed upon unanimously.