Re: PHPv4 EoL

To: pkgsrc-users%netbsd.org@localhost
Subject: Re: PHPv4 EoL
From: Geert Hendrickx <ghen%telenet.be@localhost>
Date: Thu, 6 Dec 2007 14:39:56 -0800

On Thu, Dec 06, 2007 at 08:32:58PM +0100, Joerg Sonnenberger wrote:
> On Thu, Dec 06, 2007 at 09:42:30AM -0500, Greg Troxel wrote:
> >   the user community would be better served if it were removed than it
> >   stayed, modulo the effort of maintaining it*
> > 
> > * and the effort is pretty low once upstream stops patching, and
> >   especially if we don't add vulnerabilities if it's eol
> 
> So you just leave people with vulnerable installations? Bad idea in my
> opinion.

Leave them with a clearly marked-as-vulnerable installation, that's a very
different thing.

We must give people the time to migrate their home-grown or 3rd party web
applications, which can be very non-trivial in many cases.  Not everyone
can afford to run the latest-and-greatest software at all times.

Marking php4 as "eol" should be sufficient to encourage people to upgrade,
and as mentioned, the maintenance effort for us (pkgsrc) is minimal.

Heck, we only just removed BIND 4 from pkgsrc as well..

By the way, PHP.net said they will continue to provide critical security
fixes until August 8, 2008.

        Geert

Follow-Ups:
- Re: PHPv4 EoL
  - From: Joerg Sonnenberger
- Re: PHPv4 EoL
  - From: Greg Troxel

References:
- PHPv4 EoL
  - From: Adrian Portelli
- Re: PHPv4 EoL
  - From: OBATA Akio
- Re: PHPv4 EoL
  - From: Geert Hendrickx
- Re: PHPv4 EoL
  - From: Adrian Portelli
- Re: PHPv4 EoL
  - From: Greg Troxel
- Re: PHPv4 EoL
  - From: Joerg Sonnenberger

Prev by Date: Re: patches for pkgsrc (yacc and lex tools)
Next by Date: Re: PHPv4 EoL
Previous by Thread: Re: PHPv4 EoL
Next by Thread: Re: PHPv4 EoL
Indexes:

Home | Main Index | Thread Index | Old Index