For discussion of Alpine Linux development and developer support

3 3

[alpine-devel] PHP5 EOL

Andy Postnikov
Details
Message ID
<CAM0T6JdpGNnc-aN9hFxQWvvYh75Sur77GuZh=ErQR46njToWUw@mail.gmail.com>
Sender timestamp
1534853615
DKIM signature
missing
Download raw message
Hi there!

I'd like to get opinions on a way how to get rid of php5 & related packages
from edge & 3.9

On 31 Dec 2018 php5 goes EOL https://secure.php.net/supported-versions.php
it means no more security updates will be available

In edge there are 3 packages - php5, php5-apcu & php5-suhosin (all in
community)
Also there's 5 packages that depends on php5 - cacti-php5,
phoronix-test-suite, phpldapadmin, rutorrent, zoneminder

I suggest to get rid of php5 packages, fix dependent ones as first step,
filed https://bugs.alpinelinux.org/issues/9291 to track changes

Then makes sense to rename all php7 packages to get rid of *7* suffix.

Also it makes sense to normalize package names for the rest of php
extensions be splitting PECL-based  and others. Filed
https://bugs.alpinelinux.org/issues/9277 to track this

-- 
*Andy Postnikov*, drupal consultant

dgo.to/@andypost
skype:andypost2005
Ferris Ellis
Details
Message ID
<24BDEF89-221D-4D9C-87A5-FDE5059B0474@ferrisellis.com>
In-Reply-To
<CAM0T6JdpGNnc-aN9hFxQWvvYh75Sur77GuZh=ErQR46njToWUw@mail.gmail.com> (view parent)
Sender timestamp
1535118331
DKIM signature
missing
Download raw message
Andy,

I’m sorry to say that I personally have no idea how to achieve this. But as someone with an InfoSec background I am nudging this thread and adding my name to the list of people on the alpine-devel mailing list who think this deserves more discussion.

Cheers,
Ferris

> On Aug 21, 2018, at 8:13 AM, Andy Postnikov <apostnikov@gmail.com> wrote:
> 
> Hi there!
> 
> I'd like to get opinions on a way how to get rid of php5 & related packages from edge & 3.9
> 
> On 31 Dec 2018 php5 goes EOL https://secure.php.net/supported-versions.php
> it means no more security updates will be available 
> 
> In edge there are 3 packages - php5, php5-apcu & php5-suhosin (all in community)
> Also there's 5 packages that depends on php5 - cacti-php5, phoronix-test-suite, phpldapadmin, rutorrent, zoneminder
> 
> I suggest to get rid of php5 packages, fix dependent ones as first step, filed https://bugs.alpinelinux.org/issues/9291 to track changes
> 
> Then makes sense to rename all php7 packages to get rid of *7* suffix.
> 
> Also it makes sense to normalize package names for the rest of php extensions be splitting PECL-based  and others. Filed https://bugs.alpinelinux.org/issues/9277 to track this
> 
> -- 
> Andy Postnikov, drupal consultant
> 
> dgo.to/@andypost
> skype:andypost2005
Stuart Cardall
Details
Message ID
<3b54df58-736d-0eb9-a9be-cefffd442f18@it-offshore.co.uk>
In-Reply-To
<24BDEF89-221D-4D9C-87A5-FDE5059B0474@ferrisellis.com> (view parent)
Sender timestamp
1535285304
DKIM signature
missing
Download raw message
I've added a PR for php7-diseval 
<https://github.com/alpinelinux/aports/pull/5061> today but suhosin does 
much more than just disable eval()

https://www.suhosin.org/stories/feature-list.html

suhosin is not yet stable for php7 
<https://github.com/sektioneins/suhosin7>. I'd like php5 to remain until 
suhosin works in php7.

Stuart.


On 08/24/2018 02:45 PM, Ferris Ellis wrote:
> Andy,
>
> I’m sorry to say that I personally have no idea how to achieve this. 
> But as someone with an InfoSec background I am nudging this thread and 
> adding my name to the list of people on the alpine-devel mailing list 
> who think this deserves more discussion.
>
> Cheers,
> Ferris
>
> On Aug 21, 2018, at 8:13 AM, Andy Postnikov <apostnikov@gmail.com 
> <mailto:apostnikov@gmail.com>> wrote:
>
>> Hi there!
>>
>> I'd like to get opinions on a way how to get rid of php5 & related 
>> packages from edge & 3.9
>>
>> On 31 Dec 2018 php5 goes EOL 
>> https://secure.php.net/supported-versions.php
>> it means no more security updates will be available
>>
>> In edge there are 3 packages - php5, php5-apcu & php5-suhosin (all in 
>> community)
>> Also there's 5 packages that depends on php5 - cacti-php5, 
>> phoronix-test-suite, phpldapadmin, rutorrent, zoneminder
>>
>> I suggest to get rid of php5 packages, fix dependent ones as first 
>> step, filed https://bugs.alpinelinux.org/issues/9291 to track changes
>>
>> Then makes sense to rename all php7 packages to get rid of *7* suffix.
>>
>> Also it makes sense to normalize package names for the rest of php 
>> extensions be splitting PECL-based  and others. Filed 
>> https://bugs.alpinelinux.org/issues/9277 to track this
>>
>> -- 
>> *Andy Postnikov*, drupal consultant
>>
>> dgo.to/@andypost <http://dgo.to/@andypost>
>> skype:andypost2005
A. Wilcox
Details
Message ID
<7eb14693-9cd5-4116-8d49-2f619cd2d13a@adelielinux.org>
In-Reply-To
<CAM0T6JdpGNnc-aN9hFxQWvvYh75Sur77GuZh=ErQR46njToWUw@mail.gmail.com> (view parent)
Sender timestamp
1535653041
DKIM signature
missing
Download raw message
On 08/21/18 07:13, Andy Postnikov wrote:
> Then makes sense to rename all php7 packages to get rid of *7* suffix.


Disagree.  Then there's a similar sticky situation when php8 comes out.

--arw


-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
http://adelielinux.org