Re: Status of PHP support in stretch
- Date: Fri, 8 Feb 2019 22:36:58 +0100
- From: Ondřej Surý <ondrej@xxxxxxxx>
- Subject: Re: Status of PHP support in stretch
I still don’t understand why everybody suddenly thinks PHP is special
in any way. The packages will be treated same as any other Debian
package - the important security fixes will be backported.
> On 8 Feb 2019, at 22:06, Jochen Spieker <ml@xxxxxxxxxxxxxxxx> wrote:
> I originally sent this to debian-user and did not receive any replies
> there. I thought I should retry here and maybe get a (more or less)
> official response.
> ----- Forwarded message from Jochen Spieker <ml@xxxxxxxxxxxxxxxx> -----
> I noticed that PHP 7.0 is unsupported by upstream since the beginning of
> The most recent PHP version in stretch is, as of now, 7.0.33-0+deb9u1.
> As far as I can tell, this is (roughly) the same as upstream 7.0.33 and
> not a relabeled later upstream version and it does not contain
> significant backports from later upstream versions.
> Do I need to assume that PHP 7.0 in Debian is now only
> security-supported by Debian alone? Is any DD close enough to upstream
> to be able to at least backport new fixes from 7.1 and later if
> I found https://deb.sury.org/ which appears to be run by a DD. But I
> noticed that this version of PHP pulls in a different version of openssl
> which rang some alarm bells with me. I would very much prefer something
> more official, e.g. backpors.debian.org.
> So, what do you do with your stretch servers running PHP now? Pray for
> good support in Debian, upgrade to 3rd party packages? Upgrade to buster
>  FWIW, the PGP key used for the repository (AC0E47584A7A714D) is
> signed by Ondřej Surý (0C99B70EF4FCBB07) which, in turn, is
> signed by 184 keys fro debian-keyring. The WoT probably does not get
> better than that.
> ----- End forwarded message -----
> If I was a supermodel I would give all my cocaine to the socially
> [Agree] [Disagree]