cvs-src at yandex.ru
Sun Feb 12 14:53:50 UTC 2012
Just want to discuss some changes to this port that worth doing imho.
The main thesises are:
- We should remove DEPRECATED for now to keep consistency with lang/php4
- We should apply BACKPORTS patch unconditionally
Right now this port is marked as deprecated with expiration date set at
1st March. The main reason is that 5.2 branch isn't more supported
upstream. From other hand we have lang/php4 that lacks upstream support
for years and it isn't marked deprecated for some reason.
The port has an active maintainer and any needed fixes comes into the
tree without a delays. The most important that 5.2 is still quite
popular - too much people depend on it, too much code still rely on it.
I know many hosting providers (in Russia at least) still offer both 5.2
and 5.3. Effect of removing it a month will be the same as if we drop
lang/ruby18 now - the things just will stop to work.
lang/php52 has known security vulnerabilities, that is fully covered by
BACKPORTS option (that applies community backported fixes). Dunno why we
hold this as an option - I believe nobody using php52 without this
option - it's just pointless, so why to not apply this patch
unconditionally? Yes, there is the risk. But people who are using
unsupported software, already running it on their own risk anyway.
Main problem with this patch is that it (being an option) does not cover
issues that were found in extensions (lang/php52-extensions and it's
dependencies) so this modules are quite open for any kind of stuff.
Adding an analogues option to all of the extensions is an complex and
error-prone job, so (keeping in mind that nobody using php52 w/o
BACKPORTS anyway) it's worth to drop this option altogether and all will
What do you think?
Tinderboxing kills... the drives.
More information about the freebsd-ports