Comment 16 for bug 316441

The irony of the situation is that the latest Ubuntu PHP packages, in Maverick and also Lucid I believe (but don't have a running version to hand to verify) actually do contain the "original" php.net defaults for garbage collection. So in fact BOTH the default PHP garbage collector and the Debian cron job are running.

So now not only does this supposed security flaw (according to Ondřej) now exist in the package, but also the half-assed Debian cron job that doesn't even prevent multiple versions of itself running and causes extremely high IO. Replacing one flawed system with another flawed system is not a solution.

The reality is that Debian are the real package maintainers and Ubuntu just make a few small modifications and run the auto build scripts, hence we're probably wasting our breath raising the issue here.