PHP version retirement

Martin Waschbüsch martin at waschbuesch.de
Sat Aug 10 08:17:50 UTC 2019


Hi all,

At least the last two versions of PHP, 5.6 & 7.0, were removed from ports as soon as (or even shortly before) they were no longer actively maintained upstream.
I am unsure what the exact reasoning behind this was, but I do not think it is a good idea moving forward:

I suppose it is true that outdated & no longer supported versions of PHP could be seen as a security risk. So far so good.

However, if, for whatever reason (and I think there are legitimate ones), I still need to use a now obsolete version of PHP, having them removed from ports effectively makes it harder for me to keep everything else up-to-date.
I might have to stick with an old ports revision so I cannot update other packages.
If I just keep PHP as is, and update other packages, I cannot easily switch to a new version of FreeBSD itself, because I'd have to go back to an old revision of ports (hopefully working with the OS version I updated to) to compile PHP and then do other packages.
Libraries / dependencies may change and break my PHP, etc.
So, on top of possible security concerns for the outdated software I use, I basically get an overall less secure / stable system to boot.

Now, I am not suggesting we leave every old and outdated PHP version in ports, but why remove a port just days after it received its last security update upstream? (With PHP 5.6, it was actually removed from ports before it got its last update upstream.)

Would it not be better to have, say, the last two versions before current stable still in ports but with a huge disclaimer saying: use at your own risk, etc.?

What do y'all think?

Martin


More information about the freebsd-ports mailing list