Re: Why do we still have this on the distribution?
Don Armstrong dijo [Tue, Apr 05, 2005 at 12:17:26PM -0700]:
> If php3 has specific security problems, then file bugs against
> it. Currently Adam Conrad <firstname.lastname@example.org> is maintaining php3, and
> as I sit here, there are no bugs with severity > Normal open against
> Until Adam Conrad decides that it shouldn't be in the archive, or the
> bugginess of the package precludes it from being included in a release
> (IE, unresolved RC bugs) the package will continue being released on
> the assumption that the maintainer actually knows better than any one
> else if people are really using the package.
Debian does not aim at packaging _more_ software, it aims at packaging
_better_ software, at offering everything a given user might need.
Adam: Is there a reason for keeping PHP3 in the archive? The following
packages currently are listed as its rdepends:
php3-xml, php3-snmp, php3-pgsql, php3-mysql, php3-mhash, php3-magick,
php3-ldap, php3-imap, php3-gd, php3-cgi, dcl, twig, spip-eva, spip,
php4-cli, php4-cgi, php3-xml, php3-snmp, php3-pgsql, php3-mysql,
php3-mhash, php3-magick, php3-ldap, php3-imap, php3-gd, php3-cgi,
php-elisp, nagat, libphp-phplot, libapache-mod-php4, htcheck-php,
dcl, dacode, checkservice, acidlab
Out of those, they are all either available for php4 as well (php3-*)
or depend on either php3 or php4.
Is there a real reason to keep carrying this cruft? I understand the
packages are not (or don't appear to be) buggy... However, their bits
are rotting. They are not widely used anymore, and they might have all
sorts of problems that do not get detected. I don't know if patches
for the php4 modules are backported (if the problem exists, of course)
for older php3 modules.
Adam: Please reply :)
Gunnar Wolf - email@example.com - (+52-55)1451-2244 / 5554-9450
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF