lang/php52 thoughts

[Ruslan Mahmatkhanov]

Good day!

Just want to discuss some changes to this port that worth doing imho.
The main thesises are:

- We should remove DEPRECATED for now to keep consistency with lang/php4
- We should apply BACKPORTS patch unconditionally

Right now this port is marked as deprecated with expiration date set at 
1st March. The main reason is that 5.2 branch isn't more supported 
upstream. From other hand we have lang/php4 that lacks upstream support 
for years and it isn't marked deprecated for some reason.

The port has an active maintainer and any needed fixes comes into the 
tree without a delays. The most important that 5.2 is still quite 
popular - too much people depend on it, too much code still rely on it. 
I know many hosting providers (in Russia at least) still offer both 5.2 
and 5.3. Effect of removing it a month will be the same as if we drop 
lang/ruby18 now - the things just will stop to work.

lang/php52 has known security vulnerabilities, that is fully covered by 
BACKPORTS option (that applies community backported fixes). Dunno why we 
hold this as an option - I believe nobody using php52 without this 
option - it's just pointless, so why to not apply this patch 
unconditionally? Yes, there is the risk. But people who are using 
unsupported software, already running it on their own risk anyway.

Main problem with this patch is that it (being an option) does not cover 
issues that were found in extensions (lang/php52-extensions and it's 
dependencies) so this modules are quite open for any kind of stuff. 
Adding an analogues option to all of the extensions is an complex and 
error-prone job, so (keeping in mind that nobody using php52 w/o 
BACKPORTS anyway) it's worth to drop this option altogether and all will 
be happy.

What do you think?

-- 
Regards,
Ruslan

Tinderboxing kills... the drives.