I still don’t understand why everybody suddenly thinks PHP is special in any way. The packages will be treated same as any other Debian package - the important security fixes will be backported.
Ondrej > On 8 Feb 2019, at 22:06, Jochen Spieker <m...@well-adjusted.de> wrote: > > Hi, > > I originally sent this to debian-user and did not receive any replies > there. I thought I should retry here and maybe get a (more or less) > official response. > > Regards, > Jochen. > > ----- Forwarded message from Jochen Spieker <m...@well-adjusted.de> ----- > > I noticed that PHP 7.0 is unsupported by upstream since the beginning of > 2019: > > https://secure.php.net/supported-versions.php > > The most recent PHP version in stretch is, as of now, 7.0.33-0+deb9u1. > As far as I can tell, this is (roughly) the same as upstream 7.0.33 and > not a relabeled later upstream version and it does not contain > significant backports from later upstream versions. > > Do I need to assume that PHP 7.0 in Debian is now only > security-supported by Debian alone? Is any DD close enough to upstream > to be able to at least backport new fixes from 7.1 and later if > necessary? > > I found https://deb.sury.org/ which appears to be run by a DD[1]. But I > noticed that this version of PHP pulls in a different version of openssl > which rang some alarm bells with me. I would very much prefer something > more official, e.g. backpors.debian.org. > > So, what do you do with your stretch servers running PHP now? Pray for > good support in Debian, upgrade to 3rd party packages? Upgrade to buster > already? > > Regards, > Jochen. > > [1] FWIW, the PGP key used for the repository (AC0E47584A7A714D) is > signed by Ondřej Surý (0C99B70EF4FCBB07) which, in turn, is > signed by 184 keys fro debian-keyring. The WoT probably does not get > better than that. > > ----- End forwarded message ----- > > -- > If I was a supermodel I would give all my cocaine to the socially > excluded. > [Agree] [Disagree] > <http://archive.slowlydownward.com/NODATA/data_enter2.html>
