Re: Why do we still have this on the distribution?
On Tue, Apr 05, 2005 at 04:43:06PM -0500, Gunnar Wolf wrote:
> Out of those, they are all either available for php4 as well (php3-*)
> or depend on either php3 or php4.
Just to make the point more explicit:
$ grep-available -n -s Package -F Depends php3 -a ! -F Depends php4 | sort -u
$ grep-available -n -s Package -F Depends php3 -a -F Depends php4 | sort -u
> Is there a real reason to keep carrying this cruft? I understand the
> packages are not (or don't appear to be) buggy... However, their bits
> are rotting. They are not widely used anymore, and they might have
> all sorts of problems that do not get detected. I don't know if
> patches for the php4 modules are backported (if the problem exists,
> of course) for older php3 modules.
Recently yet another PHP4 vulnerability was reported. Each time you
have to wonder if it really doesn't apply to PHP3 or if noone bothered