
RE: PHP4 Forward Port to Lenny



On Friday, 05 February 2010 at 12:10 +0100, Guy.Baconniere@swisscom.com
wrote:
> Problem:
> I need to migrate some of our old servers from Etch to Lenny but I cannot
> because PHP4 is only available on Etch and we have scripts running on CLI 
> and on Apache mod_php4 which are not compatible with PHP5 (because class 
> auto loader does not work, some calls and PEAR modules are not backward 
> compatible). Of course we have developers currently busy trying to port 
> all apps from PHP4 to Java..
> 
> What is best: having 100% of outdated packages or having 98% up to date plus 2%
> PHP4* with big security holes?

Sorry, but you are completely wasting your time.

Instead of a well-tested etch solution with PHP4 security holes, you
will end up with an untested lenny solution with PHP4 security holes.

Your 98% figure is completely ridiculous. There are no gaping holes to
expect in a locked-down etch system if you only install Apache and PHP -
at least, no holes worse than those in PHP4 itself. And believe me, if a
remote root exploit is found in the kernel or SSH, you will not be the
only one in trouble, and backported fixes for etch will flourish,
regardless of the official state of support of the distribution.

The most important thing you need to do with these servers is to cover
your ass in case of a compromise. Upgrading them to lenny will not help.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “A handshake with whitnesses is the same
  `-     as a signed contact.”  -- Jörg Schilling

