Comment 4 for bug 315507

Jan Wagner (waja) wrote : Re: Unable to remove Suhosin patch

Speaking as Debian Maintainer of the source package php-suhosin, I think you didn't understand what the package "php5-suhosin" stands for.
If you have a look at the upstream homepage [1], you can read the following at the beginning of the page:

"Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against buffer overflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections."

So we are talking about 2 different things ... php5-suhosin isn't the equivalent of php5 with the suhosin patch; it is the package which ships the suhosin (module) extension for PHP.
php5 is patched by default with the suhosin patch by the Debian PHP Maintainers, but this shouldn't harm you, because it just provides logging functions, see [2].

If you want to get rid of the suhosin stuff, you have several options. Removing php5-suhosin is the most radical option. But you can also force suhosin into simulation mode [3], which can be set globally in PHP or locally (for example in a vhost).

Thanks for your attention, Jan.

[1] http://www.hardened-php.net/suhosin/
[2] http://www.hardened-php.net/suhosin/configuration.html
[3] http://www.hardened-php.net/suhosin/faq.html#will_my_application_break_because_suhosin_is_too_restrictive