Re: Why do we still have this on the distribution?
On Tue, Apr 05, 2005 at 04:43:06PM -0500, Gunnar Wolf wrote:
> Out of those, they are all either available for php4 as well (php3-*)
> or depend on either php3 or php4.
Just to make the point more explicit:
$ grep-available -n -s Package -F Depends php3 -a ! -F Depends php4 | sort -u
php3-cgi-gd
php3-cgi-imap
php3-cgi-ldap
php3-cgi-magick
php3-cgi-mhash
php3-cgi-mysql
php3-cgi-pgsql
php3-cgi-snmp
php3-cgi-xml
php3-gd
php3-imap
php3-ldap
php3-magick
php3-mhash
php3-mysql
php3-pgsql
php3-snmp
php3-xml
$ grep-available -n -s Package -F Depends php3 -a -F Depends php4 | sort -u
acidlab
acidlab-mysql
acidlab-pgsql
dacode
dcl
eskuel
hawxy
htcheck-php
libphp-hawhaw
libphp-phplot
nagat
phpgroupware-napster
spip
spip-eva
twig
> Is there a real reason to keep carrying this cruft? I understand the
> packages are not (or don't appear to be) buggy... However, their bits
> are rotting. They are not widely used anymore, and they might have
> all sorts of problems that do not get detected. I don't know if
> patches for the php4 modules are backported (if the problem exists,
> of course) for older php3 modules.
Recently yet another PHP4 vulnerability was reported. Each time you
have to wonder if it really doesn't apply to PHP3 or if noone bothered
to look.
--
Marcelo
Reply to: