List Archive: gentoo-announce
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
We, the Gentoo PHP team, are going to mask =dev-lang/php-4*  and all
packages explicitly depending on this version of php around October
18th (i.e. the whole dev-php4/ category (36 packages) and
www-apps/knowledgetree, unless there is a php5-compatible version by
the time of masking; bug 194894 ). This step is necessary as
there is hardly any upstream activity anymore.
The last official version of php-4 (4.4.7) dates back to May 3rd and is
in the same state as php-5.2.2 security-wise (and we all know how many
issues php-5 has had in the past, just have a look at the recently
published GLSA 200710-02 ).
All those security problems, which were fixed in the 5.2 branch,
possibly apply to the 4.4 branch as well, yet there are no (backported)
fixes in upstream CVS and there is no sign of an upcoming release
This means, if we were to continue php-4 support we would have to do
the upstream work and compile a list of issues + patches. Upstream
developers seem to see it the same way -- "if you really want to get it
done - do it" was one reply when I asked what's up with php-4. No one
from our PHP team has the time and motivation to do that work, and as
such we are going to mask it (unless someone volunteers to do the work
and/or upstream becomes active again).
We will still keep php-4 (and all related packages) in the tree until at
least the end of the year (this is the date where official upstream
"support" ends) and bump it if (and not "when"...) there are any
We advise all users of php-4 to upgrade to php-5 as soon as possible,
although it may break really old PHP scripts which rely on
php-4 specific behaviour. Please see the upstream documentation
 for any advice on how to migrate your scripts.
Gentoo PHP herd