Status of PHP support in stretch

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Status of PHP support in stretch

Jochen Spieker
Hi,

I noticed that PHP 7.0 is unsupported by upstream since the beginning of
2019:

https://secure.php.net/supported-versions.php

The most recent PHP version in stretch is, as of now, 7.0.33-0+deb9u1.
As far as I can tell, this is (roughly) the same as upstream 7.0.33 and
not a relabeled later upstream version and it does not contain
significant backports from later upstream versions.

Do I need to assume that PHP 7.0 in Debian is now only
security-supported by Debian alone? Is any DD close enough to upstream
to be able to at least backport new fixes from 7.1 and later if
necessary?

I found https://deb.sury.org/ which appears to be run by a DD[1]. But I
noticed that this version of PHP pulls in a different version of openssl
which rang some alarm bells with me. I would very much prefer something
more official, e.g. backpors.debian.org.

So, what do you do with your stretch servers running PHP now? Pray for
good support in Debian, upgrade to 3rd party packages? Upgrade to buster
already?

Regards,
Jochen.

[1] FWIW, the PGP key used for the repository (AC0E47584A7A714D) is
    signed by Ondřej Surý (0C99B70EF4FCBB07) which, in turn, is
    signed by 184 keys fro debian-keyring. The WoT probably does not get
    better than that.

--
My memories gild my life with rare transcendance.
[Agree]   [Disagree]
                 <http://archive.slowlydownward.com/NODATA/data_enter2.html>

signature.asc (849 bytes) Download Attachment