Another Serious Security Bug on PHP 5.3.9

I can feel you regarding your offtopic comments regarding why core developpers step up and leave the project. So much about that.
But let's get back to the topic. The existance of suhosin itself addresses the ignorance of the current team. They've been told about issues for many years, PHP is used by a large userbase on the net, and they have to install an addon/plugin/whatever because the devs won't fix known issues.

Especially in this age, security and reliability is key. Period.

So, instead of extending php with features, maybe it's time to put them on a pile of todo and fix issues first before introducing this new features, or the community might start to turn their backs on php and switch to a language that does not have these issues.

Right but the problems with PHP core is that they do not reckon that the security bugs are more important than the issues caused by the methods to fix them.

For instance, it is claimed that Suhosin may cause PHP to loose 10% of performance. It seems that some core developers do not consider better security more important than any performance loss.

Heh, maybe the 10% performance loss is caused because everything has to be filtered using an additional plugin? Just my 2 cents :)

Actually it seems to be only when you have memory canary options set. These seem to be to verify if memory allocated by PHP is being used beyhond the allocated space due to eventual PHP bugs or security exploit attempts.

These would not be necessary if there are no memory usage bugs, but we never know that because there are no bug free programs.