[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why do we still have this on the distribution?



On Tue, Apr 05, 2005 at 04:43:06PM -0500, Gunnar Wolf wrote:

 > Out of those, they are all either available for php4 as well (php3-*)
 > or depend on either php3 or php4. 

 Just to make the point more explicit:

$ grep-available -n -s Package -F Depends php3 -a ! -F Depends php4 | sort -u
php3-cgi-gd
php3-cgi-imap
php3-cgi-ldap
php3-cgi-magick
php3-cgi-mhash
php3-cgi-mysql
php3-cgi-pgsql
php3-cgi-snmp
php3-cgi-xml
php3-gd
php3-imap
php3-ldap
php3-magick
php3-mhash
php3-mysql
php3-pgsql
php3-snmp
php3-xml

$ grep-available -n -s Package -F Depends php3 -a -F Depends php4 | sort -u
acidlab
acidlab-mysql
acidlab-pgsql
dacode
dcl
eskuel
hawxy
htcheck-php
libphp-hawhaw
libphp-phplot
nagat
phpgroupware-napster
spip
spip-eva
twig

 > Is there a real reason to keep carrying this cruft? I understand the
 > packages are not (or don't appear to be) buggy... However, their bits
 > are rotting. They are not widely used anymore, and they might have
 > all sorts of problems that do not get detected. I don't know if
 > patches for the php4 modules are backported (if the problem exists,
 > of course) for older php3 modules.

 Recently yet another PHP4 vulnerability was reported.  Each time you
 have to wonder if it really doesn't apply to PHP3 or if noone bothered
 to look.

-- 
Marcelo



Reply to: