From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1IeW8f-0007gt-BA for garchives@archives.gentoo.org; Sun, 07 Oct 2007 13:25:45 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.1/8.14.0) with SMTP id l97DFKxF002226; Sun, 7 Oct 2007 13:15:20 GMT Received: from srv.hoffie.info (hesasys.org [217.20.118.221]) by robin.gentoo.org (8.14.1/8.14.0) with ESMTP id l97DDALv031902; Sun, 7 Oct 2007 13:13:10 GMT Received: from tux.home (p5494CDF3.dip.t-dialin.net [84.148.205.243]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by srv.hoffie.info (Postfix) with ESMTP id 9912F58A80; Sun, 7 Oct 2007 15:13:09 +0200 (CEST) Date: Sun, 7 Oct 2007 15:13:49 +0200 From: Christian Hoffmann To: gentoo-dev-announce@lists.gentoo.org, gentoo-dev@lists.gentoo.org Subject: [gentoo-dev] Upcoming masking of dev-lang/php-4* and packages depending on it Message-ID: <20071007151349.21aed58b@tux.home> X-Mailer: Claws Mail 3.0.2 (GTK+ 2.10.14; i686-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/ZGys8lmuOcKQPxMgBgWUQxQ"; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Archives-Salt: 660ae7c9-ab0e-4e7b-ab9f-35fa413021e5 X-Archives-Hash: 952e1644f03bf39248cb94c526251269 --Sig_/ZGys8lmuOcKQPxMgBgWUQxQ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Heya, I'm going to p.mask =3Ddev-lang/php-4* and all packages explicitly depending on this version of php (i.e. the whole dev-php4/ category (36 packages) and one webapp, www-apps/knowledgetree, bug 194894 [1]) next weekend (around Oct 14th). This step is necessary as there is hardly any upstream activity anymore. The last official version of php-4, 4.4.7, dates back to May 3rd and is in the same state as php-5.2.2 security-wise (and we all know how many issues php-5 had in the past, just have a look at the recently published GLSA 200710-02 [2]). All those security problems, which were fixed in the 5.2 branch, possibly apply to the 4.4 branch as well, yet there are no (backported) fixes in upstream CVS and there is no sign of an upcoming release either. This means, if we were to continue php-4 support we would have to do the upstream work and compile a list of issues + patches. Upstream developers seem to see it the same way -- "if you really want to get it done - do it" was one reply when I asked what's up with php-4. Noone from our PHP team has the time and motiviation to do that work, and as such we are going to mask it (unless someone volunteers to do the work and/or upstream becomes active again). We will still keep php-4 (and all related packages) in the tree until at least the end of the year (this is the date where official upstream "support" ends) and bump it if (and not "when"...) there are any releases. We advise all users of of php-4 to upgrade to php-5 as soon as possible. [1] https://bugs.gentoo.org/show_bug.cgi?id=3D194894 [2] http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml --=20 Christian Hoffmann Gentoo PHP herd --Sig_/ZGys8lmuOcKQPxMgBgWUQxQ Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHCNuNJ9KLJlGHWYIRAnUOAJwNBJJXmHGCaqsl8Ks4QlqMJID9awCgmz7D 4ubfa5b2TZVytlyos6BV++A= =LeDf -----END PGP SIGNATURE----- --Sig_/ZGys8lmuOcKQPxMgBgWUQxQ-- -- gentoo-dev@gentoo.org mailing list