Christian Hoffmann wrote: > Heya, > > I'm going to p.mask =dev-lang/php-4* and all packages explicitly > depending on this version of php (i.e. the whole dev-php4/ category > (36 packages) and one webapp, www-apps/knowledgetree, bug 194894 [1]) > next weekend (around Oct 14th). This step is necessary as there is > hardly any upstream activity anymore. > > The last official version of php-4, 4.4.7, dates back to May 3rd and is > in the same state as php-5.2.2 security-wise (and we all know how many > issues php-5 had in the past, just have a look at the recently published > GLSA 200710-02 [2]). > > All those security problems, which were fixed in the 5.2 branch, > possibly apply to the 4.4 branch as well, yet there are no (backported) > fixes in upstream CVS and there is no sign of an upcoming release > either. > This means, if we were to continue php-4 support we would have to do > the upstream work and compile a list of issues + patches. Upstream > developers seem to see it the same way -- "if you really want to get it > done - do it" was one reply when I asked what's up with php-4. Noone > from our PHP team has the time and motiviation to do that work, and as > such we are going to mask it (unless someone volunteers to do the work > and/or upstream becomes active again). > > We will still keep php-4 (and all related packages) in the tree until at > least the end of the year (this is the date where official upstream > "support" ends) and bump it if (and not "when"...) there are any > releases. > > We advise all users of of php-4 to upgrade to php-5 as soon as possible. > > [1] https://bugs.gentoo.org/show_bug.cgi?id=194894 > [2] http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Since you're doing the masking, can you please help out the GDP by reviewing a few of our documents for any potential changes that must be made? Grepping for "php4" shows that there are references in the following docs: 1. http://www.gentoo.org/doc/en/jffnms.xml 2. http://www.gentoo.org/doc/en/apache-troubleshooting.xml 3. http://www.gentoo.org/doc/en/qmail-howto.xml 4. http://www.gentoo.org/doc/en/handbook/hb-working-rcscripts.xml Thanks, Josh
signature.asc
Description: OpenPGP digital signature
