Re: Changing to a more recent-ish PHP_VERSION_DEFAULT ?

[Greg Troxel <gdt%lexort.com@localhost>]

Takahiro Kambe <taca%NetBSD.org@localhost> writes:

> Hi,
>
> In message <38745a6f-13e2-48f3-89e0-2302ab436f33%NetBSD.org@localhost>
> 	on Thu, 9 Nov 2023 11:58:29 +0100,
> 	Jean-Yves Migeon <jym%NetBSD.org@localhost> wrote:
>> My concern is that as 7.4 has been EOL for a bit now, most
>> vulnerability reports will ignore that version for CPE version checks,
>> so pkg_admin audit might likely not report CVEs that would be
>> otherwise visible for 8.0 and up
>> 
>> Build breaks are easily caught by bulkbuilds, runtime ones is another
>> matter -- do you think I should wait for Q4 and then make the change
>> to give it more time? Or proceed anyway?
> For default PHP version, we should not wait for Q4 and should switch
> to 8.1.  I hope to do so in a few weeks.

If it happens before the branch it needs to be before 12/1.

And, if we're going to update before the branch, sooner is better as it
gives longer to find and fix problems.  Ideally this sort of thing
should happen soon in quarter.

In theory, every package is already marked with which php versions do
and don't work.  We already have the situation where multiple packages
have disjoint sets of allowable php versions, and that's just how it is.

I'm running nextcloud with 8.0, and that's fine.  I expect that the only
issues are programs that aren't really maintained, and we will just fix
PHP_VERSIONS_ACCEPTED to exclude 81, if that's how it is.

Are there questions about whether so much will break that we might want
to stay at 7.4?  If it's more or less concluded already that 8.1 is the
answer (it seems like yes, and that seems like a reasonable conclusion),
I'd rather just flip today and start the find/fix process.

Has anyone done a bulk build?