Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-announce
Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-announce@g.o
From: Christian Hoffmann <hoffie@g.o>
Subject: Upcoming masking of dev-lang/php-4* and packages depending on it
Date: Tue, 16 Oct 2007 23:42:17 +0200
We, the Gentoo PHP team, are going to mask =dev-lang/php-4* [0] and all
packages explicitly depending on this version of php around October
18th (i.e. the whole dev-php4/ category (36 packages) and
www-apps/knowledgetree, unless there is a php5-compatible version by
the time of masking; bug 194894 [1]). This step is necessary as
there is hardly any upstream activity anymore.

The last official version of php-4 (4.4.7) dates back to May 3rd and is
in the same state as php-5.2.2 security-wise (and we all know how many
issues php-5 has had in the past, just have a look at the recently
published GLSA 200710-02 [2]).

All those security problems, which were fixed in the 5.2 branch,
possibly apply to the 4.4 branch as well, yet there are no (backported)
fixes in upstream CVS and there is no sign of an upcoming release
either.
This means, if we were to continue php-4 support we would have to do
the upstream work and compile a list of issues + patches. Upstream
developers seem to see it the same way -- "if you really want to get it
done - do it" was one reply when I asked what's up with php-4. No one
from our PHP team has the time and motivation to do that work, and as
such we are going to mask it (unless someone volunteers to do the work
and/or upstream becomes active again).

We will still keep php-4 (and all related packages) in the tree until at
least the end of the year (this is the date where official upstream
"support" ends) and bump it if (and not "when"...) there are any
releases.

We advise all users of php-4 to upgrade to php-5 as soon as possible,
although it may break really old PHP scripts which rely on
php-4 specific behaviour. Please see the upstream documentation
[3][4][5] for any advice on how to migrate your scripts.

[0] http://bugs.gentoo.org/show_bug.cgi?id=189172
[1] http://bugs.gentoo.org/show_bug.cgi?id=194894
[2] http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
[3] http://www.php.net/manual/en/migration5.php
[4] http://www.php.net/manual/en/migration51.php
[5] http://www.php.net/manual/en/migration52.php

-- 
Christian Hoffmann
Gentoo PHP herd
Attachment:
signature.asc (PGP signature)
Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[ GLSA 200710-16 ] X.Org X server: Composite local privilege escalation
Next by thread:
[ GLSA 200710-17 ] Balsa: Buffer overflow
Previous by date:
[ GLSA 200710-16 ] X.Org X server: Composite local privilege escalation
Next by date:
[ GLSA 200710-17 ] Balsa: Buffer overflow


Updated Jun 17, 2009

Summary: Archive of the gentoo-announce mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.