From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 198150] PHP 53 - 6 months EOL - this should not be in ports
Date: Mon, 02 Mar 2015 09:19:37 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198150

    Bug ID: 198150
   Summary: PHP 53 - 6 months EOL - this should not be in ports
   Product: Ports & Packages
   Version: Latest
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Only Me
  Priority: ---
 Component: Ports Framework
  Assignee: freebsd-ports-bugs@FreeBSD.org
  Reporter: marino@FreeBSD.org
        CC: portmgr@FreeBSD.org

I'm filing this under infrastructure so portmgr can make the call.

PHP 5.3 has been EOL from security fixes for six months already:
http://php.net/eol.php

In fact, PHP 5.4 has already ceased development and its security fix EOL is Sept 2015, right around the corner.

The maintainer is flo@. I expressed my concern about this security vulnerability that FreeBSD is enabling by bypassing upstream's recommendation. He said that somebody asked him to keep it in ports and would take responsibility for security updates. I don't have faith in that approach.

Also, pkgsrc has removed PHP 5.3 from their collection for security reasons.

I think portmgr or a security officer needs to evaluate *specifically* if it's a good idea to keep PHP 5.3 in ports so long after its official security EOL.

My opinion is that it should be deprecated for removal ASAP.