
RE: PHP4 Forward Port to Lenny



> Actually, his approach won't solve him much more than staying with etch right ahead.
> Even security wise (getting in through php is much easier than trying to dig for other issues),
> but definitely also problem wise. Using a minimal openvz/vserver context
> (or even a dedicated machine just for that) with etch + php4 is the most
> straightforward approach that comes to my mind and least troublesome.

I am a SysAdmin and not a PHP developer.
My concern is to have an up-to-date distribution, kernel and 98.01% of packages.
(1.99% is PHP4 ;-)

Problem:
I need to migrate some of our old servers from Etch to Lenny but I cannot
because PHP4 is only available on Etch and we have scripts running on CLI 
and on Apache mod_php4 which are not compatible with PHP5 (because class 
auto loader does not work, some calls and PEAR modules are not backward 
compatible). Of course we have developers currently busy trying to port
all apps from PHP4 to Java..

What is best: having 100% of outdated packages, or having 98% up to date plus 2%
PHP4* with big security holes?

Solution1:
Forward port PHP4 to Lenny and ask developers to speed up to remove 2% => done.
Trying as best to manage attacks on PHP4 using mod_security etc.

Solution2:
Do nothing and continue using Etch for a year.. Until the developers are ready..
So you can have a security hole in 100% of the system..

In any case in terms of security you will always find a hole.. Etch, Lenny.. It's
a matter of number of software running, bugs, time, exploits, --

Solution3:
Using OpenVZ / Virtuozzo, Chroot+GRSecurity, Xen, KVM, VMware, etc. to have
a 100% outdated Etch for a year running as a "guest" on a 100% up to date Lenny..
What is the point ??

Best Regards,
/[Gg]uy/ or /(G|g)uy/ ;-P
