Date: Mon, 02 Mar 2015 09:19:37 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 198150] PHP 53 - 6 months EOL - this should not be in ports
Message-ID: <bug-198150-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198150

Bug ID: 198150
Summary: PHP 53 - 6 months EOL - this should not be in ports
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Ports Framework
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: marino@FreeBSD.org
CC: portmgr@FreeBSD.org

I'm filing this under infrastructure so portmgr can make the call.

PHP 5.3 has been EOL from security fixes for six months already:
http://php.net/eol.php

In fact, PHP 5.4 has already ceased development and its security fix EOL is Sept 2015, right around the corner.

The maintainer is flo@. I expressed my concern about this security vulnerability that FreeBSD is enabling by bypassing upstream's recommendation. He said that somebody asked him to keep it in ports and would take responsibility for security updates. I don't have faith in that approach.

Also, pkgsrc has removed PHP 5.3 from their collection for security reasons.

I think portmgr or a security officer needs to evaluate *specifically* if it's a good idea to keep PHP 5.3 in ports so long after its official security EOL. My opinion is that it should be deprecated for removal ASAP.

--
You are receiving this mail because:
You are the assignee for the bug.