Web lists-archives.com

Re: PHP Support in Debian




Well, either you want old stable or bleeding edge. And with web technologies it’s usually the bleeding edge type of people. It would take a full time job to create all the variants, and I do this mostly in my free time.

As for reproducible builds - that’s the next thing on my list, it seems that the patches got mixed up and the reproducible build patch got replaced with something else.

Cheers,
Ondrej
--
Ondřej Surý <ondrej@xxxxxxxx>

> On 20 Oct 2018, at 18:34, Jonas Meurer <jonas@xxxxxxxxxxxxxxx> wrote:
> 
>> Am 20.10.18 um 03:50 schrieb Chris Knadle:
>> Jonas Meurer:
>>> * Adding backports to my sources.list doesn't automatically pull any
>>>  packages from there. I have to choose particular packages in a manual
>>>  process in order to install them from backports. That's different for
>>>  repositories like sury.org that provide packages under the release
>>>  target (e.g. 'stretch').
>>>  If I add deb.sury.org to my sources.list, then installed packages with
>>>  newer versions in this repo are automatically upgraded. This makes it
>>>  much easier to abuse the repo, e.g. in order to spread malware. In
>>>  other words, the attack vector is way larger.
>> 
>> There's an available middle-ground, which is to add an additional repository to
>> the sources.list file and add an apt Pin-Priority in /etc/apt/preferences.d/ for
>> that repository (of say priority 150) such that any installed packages from the
>> additional repository get updated, but any not-already-installed packages from
>> the additional repository aren't automatically used for upgrades.
>> 
>> See 'man apt_preferences' for details.
> 
> Jep, you're right. I was talking about the default experience for users
> who don't know about advanced tricks.
> 
> Cheers
> jonas
> 
>