Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 20 Sep 2010 11:00:34 -0400 (EDT)
From:      doug@safeport.com
To:        freebsd-questions@freebsd.org
Subject:   Re: why is the PHP stuff line "off" by default in ports/lang/php5?
Message-ID:  <alpine.BSF.2.00.1009201025480.89612@fledge.watson.org>
In-Reply-To: <AANLkTimh%2B_ZfUhBcjONGQFgfCsvFyqnDaKHvP6L=ar4Q@mail.gmail.com>
References:  <20100918114500.C20F41065761@hub.freebsd.org> <20100919194813.J11124@sola.nimnet.asn.au> <AANLkTimjA9mfCSWDV7vUUPAp2-ORqLxEsar5_CBW=E_d@mail.gmail.com> <4C971132.7060809@FreeBSD.org> <AANLkTimh%2B_ZfUhBcjONGQFgfCsvFyqnDaKHvP6L=ar4Q@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Sep 2010, Rob Farmer wrote:

> On Mon, Sep 20, 2010 at 00:45, Alex Dupre <ale@freebsd.org> wrote:
>> This "issue" has been discussed too many times. The answer is simply
>> "no", but you can search the archives for the actual reason. You have to
>> comile the module for your specific apache installation.
>>
>> --
>> Alex Dupre
>>
>
> If you can't be bothered to give the "actual reason," then why even reply?
>
> I have searched the archives. Unfortunately, there are so many
> messages revolving around how to set up php, secure it, etc. that it
> becomes difficult to find anything relevant. The only thing I came
> across was a thread from 2007 about how this is "more like a personal
> preference than engineering as such"[1] and "its just one of those
> things that you learn to live with after a while."[2]
>
> [1] http://lists.freebsd.org/pipermail/freebsd-questions/2007-June/151399.html
> [2] http://lists.freebsd.org/pipermail/freebsd-questions/2007-June/151384.html

I think that response was not all that unreasonable. I 'remember' the topic in 
general. My questions archive has > 80,000 messages. Most [all??] of the ones 
relating to this issue probably do not address that in the subject line and are 
thus lost [to me].

That said the following reasons come to mind:

    1) security - google + security + php = 9.7 million hits
       Probably enough said. But if I do not have php installed why should I
       have to prune it from apache or worry about the subset of the 9.7 hits
       that relate to my server[s].

    2) apache builds w/o php, and should php4, php5, or php6 be included by
       default? The base apache httpd.conf file requires several statement to
       support php, they should not have to be removed if php is not installed.
       Having the base of any port install other packages/ports that are not
       required breaks the requirements/dependencies that are the heart of the
       ports system.

    3) I think (proof left to the reader) there is an apache/php package.

    4) My own opinion of best admin practices generally follows, if you don't
       need it, don't install it.

If you build/install something like wordpress that requires both php and apache, 
the correct thing is done. Usually even the required directives are added to 
httpd.conf. The original question does not say if a port management system was 
used to upgrade apache. If that was the case, perhaps one could argue apache was 
not updated properly. Even in that case, I would argue that the bug [if any] 
lies with the port management system.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1009201025480.89612>