Hi there!
I'd like to get opinions on a way how to get rid of php5 & related packages
from edge & 3.9
On 31 Dec 2018 php5 goes EOL https://secure.php.net/supported-versions.php
it means no more security updates will be available
In edge there are 3 packages - php5, php5-apcu & php5-suhosin (all in
community)
Also there's 5 packages that depends on php5 - cacti-php5,
phoronix-test-suite, phpldapadmin, rutorrent, zoneminder
I suggest to get rid of php5 packages, fix dependent ones as first step,
filed https://bugs.alpinelinux.org/issues/9291 to track changes
Then makes sense to rename all php7 packages to get rid of *7* suffix.
Also it makes sense to normalize package names for the rest of php
extensions be splitting PECL-based and others. Filed
https://bugs.alpinelinux.org/issues/9277 to track this
--
*Andy Postnikov*, drupal consultant
dgo.to/@andypost
skype:andypost2005
Andy,
I’m sorry to say that I personally have no idea how to achieve this. But as someone with an InfoSec background I am nudging this thread and adding my name to the list of people on the alpine-devel mailing list who think this deserves more discussion.
Cheers,
Ferris
> On Aug 21, 2018, at 8:13 AM, Andy Postnikov <apostnikov@gmail.com> wrote:> > Hi there!> > I'd like to get opinions on a way how to get rid of php5 & related packages from edge & 3.9> > On 31 Dec 2018 php5 goes EOL https://secure.php.net/supported-versions.php> it means no more security updates will be available > > In edge there are 3 packages - php5, php5-apcu & php5-suhosin (all in community)> Also there's 5 packages that depends on php5 - cacti-php5, phoronix-test-suite, phpldapadmin, rutorrent, zoneminder> > I suggest to get rid of php5 packages, fix dependent ones as first step, filed https://bugs.alpinelinux.org/issues/9291 to track changes> > Then makes sense to rename all php7 packages to get rid of *7* suffix.> > Also it makes sense to normalize package names for the rest of php extensions be splitting PECL-based and others. Filed https://bugs.alpinelinux.org/issues/9277 to track this> > -- > Andy Postnikov, drupal consultant> > dgo.to/@andypost> skype:andypost2005
I've added a PR for php7-diseval
<https://github.com/alpinelinux/aports/pull/5061> today but suhosin does
much more than just disable eval()
https://www.suhosin.org/stories/feature-list.html
suhosin is not yet stable for php7
<https://github.com/sektioneins/suhosin7>. I'd like php5 to remain until
suhosin works in php7.
Stuart.
On 08/24/2018 02:45 PM, Ferris Ellis wrote:
> Andy,>> I’m sorry to say that I personally have no idea how to achieve this. > But as someone with an InfoSec background I am nudging this thread and > adding my name to the list of people on the alpine-devel mailing list > who think this deserves more discussion.>> Cheers,> Ferris>> On Aug 21, 2018, at 8:13 AM, Andy Postnikov <apostnikov@gmail.com> <apostnikov@gmail.com>> wrote:>>> Hi there!>>>> I'd like to get opinions on a way how to get rid of php5 & related >> packages from edge & 3.9>>>> On 31 Dec 2018 php5 goes EOL >> https://secure.php.net/supported-versions.php>> it means no more security updates will be available>>>> In edge there are 3 packages - php5, php5-apcu & php5-suhosin (all in >> community)>> Also there's 5 packages that depends on php5 - cacti-php5, >> phoronix-test-suite, phpldapadmin, rutorrent, zoneminder>>>> I suggest to get rid of php5 packages, fix dependent ones as first >> step, filed https://bugs.alpinelinux.org/issues/9291 to track changes>>>> Then makes sense to rename all php7 packages to get rid of *7* suffix.>>>> Also it makes sense to normalize package names for the rest of php >> extensions be splitting PECL-based and others. Filed >> https://bugs.alpinelinux.org/issues/9277 to track this>>>> -- >> *Andy Postnikov*, drupal consultant>>>> dgo.to/@andypost <http://dgo.to/@andypost>>> skype:andypost2005
On 08/21/18 07:13, Andy Postnikov wrote:
> Then makes sense to rename all php7 packages to get rid of *7* suffix.
Disagree. Then there's a similar sticky situation when php8 comes out.
--arw
--
A. Wilcox (awilfox)
Project Lead, Adélie Linux
http://adelielinux.org