[Bug 198150] PHP 53 - 6 months EOL - this should not be in ports

Mon Mar 2 09:19:38 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198150

            Bug ID: 198150
           Summary: PHP 53 - 6 months EOL - this should not be in ports
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Ports Framework
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: marino at FreeBSD.org
                CC: portmgr at FreeBSD.org

I'm filing this under infrastructure so portmgr can make the call.

PHP 5.3 has been EOL from security fixes for six months already:
http://php.net/eol.php

In fact, PHP 5.4 has already ceased development and it's security fix EOL is
Sept 2015, right around the corner

The maintainer is flo at .  I expressed my concern about this security
vulnerability that FreeBSD is enabling by bypassing upstream's recommendation. 
He said that somebody asked him to keep it in ports and would take
responsibility for security updates.

I don't have faith in that approach.
Also, pkgsrc has removed PHP 5.3 from their collection for security reasons.

I think portmgr or a security officer needs to evaluate *specifically* if it's
a good idea to keep PHP 5.3 in ports so long after it's official security EOL.

My opinion is that it should be deprecated for removal ASAP.

-- 
You are receiving this mail because:
You are the assignee for the bug.