From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Ifr35-0007dT-Af for garchives@archives.gentoo.org; Thu, 11 Oct 2007 05:57:31 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.1/8.14.0) with SMTP id l9B5kvfA020444; Thu, 11 Oct 2007 05:46:57 GMT Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by robin.gentoo.org (8.14.1/8.14.0) with ESMTP id l9B5j8SQ018195 for ; Thu, 11 Oct 2007 05:45:09 GMT Received: from [192.168.0.100] (ip72-220-190-134.sd.sd.cox.net [72.220.190.134]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 4016364BE7; Thu, 11 Oct 2007 05:45:08 +0000 (UTC) Message-ID: <470DB856.3090004@gentoo.org> Date: Wed, 10 Oct 2007 22:44:54 -0700 From: Josh Saddler User-Agent: Thunderbird 2.0.0.6 (X11/20070805) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org CC: hoffie@gentoo.org Subject: Re: [gentoo-dev] Upcoming masking of dev-lang/php-4* and packages depending on it References: <20071007151349.21aed58b@tux.home> In-Reply-To: <20071007151349.21aed58b@tux.home> X-Enigmail-Version: 0.95.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig72A9D1FFCE126BA118D883F7" X-Archives-Salt: 3f63065d-80bf-40c0-af69-29240d47f706 X-Archives-Hash: 0418fcc7f1d9b97cf292a809592a643f This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig72A9D1FFCE126BA118D883F7 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Christian Hoffmann wrote: > Heya, >=20 > I'm going to p.mask =3Ddev-lang/php-4* and all packages explicitly > depending on this version of php (i.e. the whole dev-php4/ category > (36 packages) and one webapp, www-apps/knowledgetree, bug 194894 [1]) > next weekend (around Oct 14th). This step is necessary as there is > hardly any upstream activity anymore. >=20 > The last official version of php-4, 4.4.7, dates back to May 3rd and is= > in the same state as php-5.2.2 security-wise (and we all know how many > issues php-5 had in the past, just have a look at the recently publishe= d > GLSA 200710-02 [2]). >=20 > All those security problems, which were fixed in the 5.2 branch, > possibly apply to the 4.4 branch as well, yet there are no (backported)= > fixes in upstream CVS and there is no sign of an upcoming release > either. > This means, if we were to continue php-4 support we would have to do > the upstream work and compile a list of issues + patches. Upstream > developers seem to see it the same way -- "if you really want to get it= > done - do it" was one reply when I asked what's up with php-4. Noone > from our PHP team has the time and motiviation to do that work, and as > such we are going to mask it (unless someone volunteers to do the work > and/or upstream becomes active again). >=20 > We will still keep php-4 (and all related packages) in the tree until a= t > least the end of the year (this is the date where official upstream > "support" ends) and bump it if (and not "when"...) there are any > releases. >=20 > We advise all users of of php-4 to upgrade to php-5 as soon as possible= =2E >=20 > [1] https://bugs.gentoo.org/show_bug.cgi?id=3D194894 > [2] http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml Since you're doing the masking, can you please help out the GDP by reviewing a few of our documents for any potential changes that must be made? Grepping for "php4" shows that there are references in the following docs: 1. http://www.gentoo.org/doc/en/jffnms.xml 2. http://www.gentoo.org/doc/en/apache-troubleshooting.xml 3. http://www.gentoo.org/doc/en/qmail-howto.xml 4. http://www.gentoo.org/doc/en/handbook/hb-working-rcscripts.xml Thanks, Josh --------------enig72A9D1FFCE126BA118D883F7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHDbhY5aFMlhMsVyURAhtfAJ0ZxraDTRvOLw1jTbEmcrBu4ctjrgCgjyPJ ybOSd9UsTWvsMjZSFD1Bgq0= =l5fQ -----END PGP SIGNATURE----- --------------enig72A9D1FFCE126BA118D883F7-- -- gentoo-dev@gentoo.org mailing list