Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 10 Aug 2019 10:17:44 +0200
From:      =?utf-8?Q?Martin_Waschb=C3=BCsch?= <martin@waschbuesch.de>
To:        freebsd-ports@freebsd.org
Subject:   PHP version retirement
Message-ID:  <CF1F28D6-1072-4BE6-B124-A97DE43FA4E6@waschbuesch.de>
next in thread | raw e-mail | index | archive | help 
Hi all,

At least the last  two versions of PHP, 5.6 & 7.0, were removed from =
ports as soon as (or even shortly before) they were no longer actively =
maintained upstream.
I am unsure what the exact reasoning behind this was, but I do not think =
it is a good idea moving forward:

I suppose it is true that outdated & no longer supported versions of PHP =
could be seen as a security risk. So far so good.

However, if, for whatever reason (and I think there are legitimate =
ones), I still need to use a now obsolete version of PHP, having them =
removed from ports effectively makes it harder for me to keep everything =
else up-to-date.
I might have to stick with an old ports revision so I cannot update =
other packages.
If I just keep PHP as is, and update other packages, I cannot easily =
switch to a new version of FreeBSD itself, because I'd have to go back =
to an old revision of ports (hopefully working with the OS version I =
updated to) to compile PHP and then do other packages.
Libraries / dependencies may change and break my PHP, etc.
So, on top of possible security concerns for the outdated software I =
use, I basically get an overall less secure / stable system to boot.

Now, I am not suggesting we leave every old and outdated PHP version in =
ports, but why remove a port just days after it received its last =
security update upstream? (With PHP 5.6 it was actually removed from =
ports before it got its last update upstream).

Would it not be better to have, say, the last two versions before =
current stable still in ports but with a huge disclaimer saying: use at =
your own risk, etc.?

What do y'all think?

Martin=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CF1F28D6-1072-4BE6-B124-A97DE43FA4E6>