[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PHP Support in Debian

Hi,

Is it possible to support these versions properly for our
users as long as there is security/LTS support for our releases?

the PHP 7.0 will be supported like any other package in Debian - the security fixes will be cherrypicked and applied for the lifetime of Debian stretch. Then the LTS team will (or will not) take over.

Lots of applications require php 7.1 or 7.2 these days. As
there is no official backport, the only option right now is
to use CentOS with SCLs

PHP 7.0 and 7.1 are gone from unstable and testing and PHP 7.2 will be removed as soon as the transition to PHP 7.3 is finished. That means the only version of PHP that’s backportable according to Debian backport rules would be PHP 7.3.

If somebody else wants to do the backport, feel free to do so, I am not blocking anyone to do the work. As a fact, all the PHP packages could be compiled as far as to Debian Jessie and Ubuntu Trusty (which means jumping through more hoops than strictly necessary). I am just declaring there’s only so much time one person can have, so I am not doing the official PHP backport.

I know that there is
https://deb.sury.org - but prefer to trust stuff that was
built on Debian machines and is distributed/signed with a
key we trust.

Shrug, all the packages that I upload to Debian and to the DPA are signed by the same key - mine.

Will there be a proper solution for that soon?

That’s very vague - there’s already a proper solution in place - backporting the security fixes is the *Debian way* of maintaining packages in stable. The exception of uploading new PHP patch releases to stable is well an exception and it took some time and effort to negotiate it.

Cheers,
Ondrej
--
Ondřej Surý <ondrej@sury.org>

On 16 Oct 2018, at 17:06, Bernd Zeimetz <bernd@bzed.de> wrote:

Hi,

we (as in several customers and I) are wondering about the status
of php support in Debian.

* According to http://php.net/supported-versions.php upstream
security support for 5.6 (jessie) and 7.0 (stretch) will be gone
soon. Is it possible to support these versions properly for our
users as long as there is security/LTS support for our releases?

* Lots of applications require php 7.1 or 7.2 these days. As
there is no official backport, the only option right now is
to use CentOS with SCLs. I know that there is
https://deb.sury.org - but prefer to trust stuff that was
built on Debian machines and is distributed/signed with a
key we trust.


Will there be a proper solution for that soon?


Thanks,

Bernd


--
Bernd Zeimetz                            Debian GNU/Linux Developer
http://bzed.de                                http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F
Reply to: