1 |
We, the Gentoo PHP team, are going to mask =dev-lang/php-4* [0] and all |
2 |
packages explicitly depending on this version of php around October |
3 |
18th (i.e. the whole dev-php4/ category (36 packages) and |
4 |
www-apps/knowledgetree, unless there is a php5-compatible version by |
5 |
the time of masking; bug 194894 [1]). This step is necessary as |
6 |
there is hardly any upstream activity anymore. |
7 |
|
8 |
The last official version of php-4 (4.4.7) dates back to May 3rd and is |
9 |
in the same state as php-5.2.2 security-wise (and we all know how many |
10 |
issues php-5 has had in the past, just have a look at the recently |
11 |
published GLSA 200710-02 [2]). |
12 |
|
13 |
All those security problems, which were fixed in the 5.2 branch, |
14 |
possibly apply to the 4.4 branch as well, yet there are no (backported) |
15 |
fixes in upstream CVS and there is no sign of an upcoming release |
16 |
either. |
17 |
This means, if we were to continue php-4 support we would have to do |
18 |
the upstream work and compile a list of issues + patches. Upstream |
19 |
developers seem to see it the same way -- "if you really want to get it |
20 |
done - do it" was one reply when I asked what's up with php-4. No one |
21 |
from our PHP team has the time and motivation to do that work, and as |
22 |
such we are going to mask it (unless someone volunteers to do the work |
23 |
and/or upstream becomes active again). |
24 |
|
25 |
We will still keep php-4 (and all related packages) in the tree until at |
26 |
least the end of the year (this is the date where official upstream |
27 |
"support" ends) and bump it if (and not "when"...) there are any |
28 |
releases. |
29 |
|
30 |
We advise all users of php-4 to upgrade to php-5 as soon as possible, |
31 |
although it may break really old PHP scripts which rely on |
32 |
php-4 specific behaviour. Please see the upstream documentation |
33 |
[3][4][5] for any advice on how to migrate your scripts. |
34 |
|
35 |
[0] http://bugs.gentoo.org/show_bug.cgi?id=189172 |
36 |
[1] http://bugs.gentoo.org/show_bug.cgi?id=194894 |
37 |
[2] http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml |
38 |
[3] http://www.php.net/manual/en/migration5.php |
39 |
[4] http://www.php.net/manual/en/migration51.php |
40 |
[5] http://www.php.net/manual/en/migration52.php |
41 |
|
42 |
-- |
43 |
Christian Hoffmann |
44 |
Gentoo PHP herd |