[pkg-php-pear] Fixing FTBFS in symfony before the PHP migration

"David Prévot" david at tilapin.org
Sun Jan 17 19:46:38 UTC 2016


Hi Daniel,

>> There is something special about this version:
>> It embeds paragonie/random_compat into symfony/security.
>
> That’s seems fine, but maybe a bit weird to see it installed in a
> 
/vendor/ path. On the other hand, since it’s just a temporary workaround,
> I guess it doesn’t matter. Please update the d/copyright anyway.

According to the changelog, the goal of this change may be to fix a
security issue:

 * security #17359 do not ship with a custom rng implementation (xabbuh,
fabpot)

I don’t know the security implications of this fix, but it seems important
enough to upstream to backport it to all currently maintained branches.
Can you have a look at it, and eventually propose a patch for Jessie if
it’s worth it?

Regards

David




More information about the pkg-php-pear mailing list