Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
On 1/4/2016 3:41 AM, Kristian Fiskerstrand wrote:
> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>> Hi!
>>
>> Better late than never. Posting 72 hours from now the earliest
>> as advised by GLEP 42. Feedback welcome as usual.
>
> Do you have any timeline in place for the change happening in tree
> (in particular for stable users).
>
>> Without updating APACHE2_OPTS, websites could end up serving PHP
>> code (include configuration files with passwords) unprocessed to
>> website visitors!
>
> Such a change should really be avoided if possible. Would it be
> possible to have a conditional approach where either one can be
> used, or maybe set the new variable/define if the old one is used?

The problem is really two-fold with the new eselect-php. For future compatibility (to not have this happen again with say PHP8), the PHP team changed the symlink created by eselect to be libphp.so instead of the current libphp${MAJOR}.so. The user must also reselect with `eselect php set X`, even for the current PHP versions and not just 7.

mjo explored the option of "Define PHP" but that is apache-2.4+ only. If we wanted a "compatibility" layer, it would be the same section repeated until 2.4 was the only version available. That might confuse users even more.

Brian
Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
On Mon, Jan 4, 2016 at 9:20 AM, Kristian Fiskerstrand wrote:
>
> And while at it, in addition to news item, this should likely follow
> a few version upgrades as elog messages before actually being
> implemented anywhere
>

I don't want to be too prescriptive with the solutions. However, clearly /some/ kind of orderly transition is necessary. News before, an elog, etc. And that news needs to be timely - not 12 months before stable mysteriously breaks one day, unless it is safe to make the change before the update.

I'd leave it up to the maintainer to decide whether it is more work to coordinate the timing around all the communications or to have a more graceful transition so that the timing isn't as critical.

--
Rich
Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
Kristian Fiskerstrand wrote:
> Maybe I'm thinking things too difficult, why not just define both -D
> PHP and -D PHP5 in the transition period and suggest this config for
> any change?

Because it mostly just defers the problem.

If the desire is to move away from PHP5 then I would suggest to force a failure when starting Apache, if PHP5 is defined when PHP is required. I.e. fail closed.

I can be talked into supporting the idea to only print a warning when PHP5 is set and to not fail (no source served) for some period of time until which the forced failure starts, if PHP5 is still set.

Don't fail open, fail closed. Since manual interaction is required some people will forget or overlook it, and will get a failure. I would introduce the failure right away, but maybe a warning will make some happy who would otherwise have gotten a failure.

//Peter
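The fail-closed start check described in the message above, written out as an added example that is not part of the thread or of any Gentoo init script. The function names and the warn/enforce modes are hypothetical; it assumes the defines come from an `APACHE2_OPTS="..."` assignment such as the one in /etc/conf.d/apache2, and that "-D PHP5" is only a problem when "-D PHP" is missing.

```shell
#!/bin/sh
# Added example: fail-closed check for the "-D PHP5" -> "-D PHP" rename.
# Function names and the warn/enforce modes are hypothetical.

# Print each -D define from the last uncommented APACHE2_OPTS assignment.
# The file is parsed as text and never sourced.
apache_defines() {
    sed -n 's/^[[:space:]]*APACHE2_OPTS=//p' "$1" | tail -n 1 |
        tr -d "\"'" | tr -s '[:space:]' '\n' |
        awk 'want { print; want = 0; next }
             $0 == "-D" { want = 1; next }
             /^-D./ { print substr($0, 3) }'
}

has_define() {  # has_define FILE NAME
    apache_defines "$1" | grep -qx -- "$2"
}

# php_define_gate FILE [warn|enforce]
# Returns 0 if Apache may start, 1 if the start must be refused.
php_define_gate() {
    mode=${2:-enforce}
    if has_define "$1" PHP5 && ! has_define "$1" PHP; then
        echo "$1: -D PHP5 set without -D PHP; PHP code may be served unprocessed" >&2
        [ "$mode" = warn ] && return 0   # transition period: warn only
        return 1                         # fail closed
    fi
    return 0
}

# Constructed sample input (not taken from a real system).
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '#APACHE2_OPTS="-D PHP"' \
        'APACHE2_OPTS="-D DEFAULT_VHOST -D SSL -D PHP5"' > "$dir/old"
    printf '%s\n' 'APACHE2_OPTS="-D DEFAULT_VHOST -D PHP"' > "$dir/new"
    for f in old new; do
        if php_define_gate "$dir/$f" enforce 2>/dev/null; then
            echo "$f: start allowed"
        else
            echo "$f: start refused"
        fi
    done
    rm -rf "$dir"
}
demo
```

A configuration that defines both PHP and PHP5 passes the gate, since PHP is still processed in that case.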
Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
On 01/04/2016 02:30 PM, Kristian Fiskerstrand wrote:
> On 01/04/2016 09:41 AM, Kristian Fiskerstrand wrote:
>> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>>> Hi!
>
>> Such a change should really be avoided if possible. Would it be
>> possible to have a conditional approach where either one can be
>> used, or maybe set the new variable/define if the old one is
>> used?
>
> Maybe I'm thinking things too difficult, why not just define both
> -D PHP and -D PHP5 in the transition period and suggest this config
> for any change?
>

And while at it, in addition to news item, this should likely follow a few version upgrades as elog messages before actually being implemented anywhere

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
On 01/04/2016 09:41 AM, Kristian Fiskerstrand wrote:
> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>> Hi!
>
> Such a change should really be avoided if possible. Would it be
> possible to have a conditional approach where either one can be
> used, or maybe set the new variable/define if the old one is used?
>

Maybe I'm thinking things too difficult, why not just define both -D PHP and -D PHP5 in the transition period and suggest this config for any change?

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
[gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
On Mon, Jan 4, 2016 at 3:41 AM, Kristian Fiskerstrand wrote:
>
> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>> Hi!
>>
>>
>> Better late than never. Posting 72 hours from now the earliest as
>> advised by GLEP 42. Feedback welcome as usual.
>
> Do you have any timeline in place for the change happening in tree (in
> particular for stable users).

++

In particular we should avoid both of these scenarios:

1. Stable users make a change now which breaks their existing config (because the change isn't deployed to stable yet).
2. Stable users get the news item today, and the change six months later after they've forgotten about it.

I'm not sure whether either applies in this case.

--
Rich
[gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"
On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
> Hi!
>
>
> Better late than never. Posting 72 hours from now the earliest as
> advised by GLEP 42. Feedback welcome as usual.

Do you have any timeline in place for the change happening in tree (in particular for stable users).

>
> Without updating APACHE2_OPTS, websites could end up serving PHP
> code (include configuration files with passwords) unprocessed to
> website visitors!
>

Such a change should really be avoided if possible. Would it be possible to have a conditional approach where either one can be used, or maybe set the new variable/define if the old one is used?

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3