[gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Kristian Fiskerstrand 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
> Hi!
> 
> 
> Better late then never.  Posting 72 hours from now the earliest as
>  advised by GLEP 42.  Feedback welcome as usual.

Do you have any timeline in place for the change happening in tree (in
particular for stable users).

> 
> Without updating APACHE2_OPTS, websites could end up serving PHP 
> code (include configuration files with passwords) unprocessed to 
> website visitors!
> 

Such a change should really be avoided if possible. Would it be
possible to have a conditional approach where either one can be used,
or maybe set the new variable/defin if the old one is used?

- -- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWijA1AAoJECULev7WN52F/aQH/0JxIUbwzpXsY3canje+A/oo
IsfgksJIZOq3cRZNwNvnE+BBMyuQlGaJ6auuIp+er9VNwjYk2Qiq7tzAanEdVeq9
A6h+eWYu/jTI57op9n7h5k6Jy7fMU1G/YfH6KfDHaoV/mIZFjpTND3v97OvB+uAc
6jt0234PYHjFsSwyOnYZ3/p+P9GELAhGAQQWaDhh5RDdKPfpEULiVpniWbnbTFBq
evQ2dKRw6cifBfyUYcLsGstdtPsqzbjETNOeWSNLwgMMpCh7xViaTnJ1T+9rqK1L
9Jb1+xCuy7Nj6T4mbZZaDZXuGdJm9KgpzplpRR1ivv0FudwgHAbFJ8QyykjvOMA=
=KViT
-END PGP SIGNATURE-

[gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Rich Freeman 
On Mon, Jan 4, 2016 at 3:41 AM, Kristian Fiskerstrand  wrote:
>
> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>> Hi!
>>
>>
>> Better late then never.  Posting 72 hours from now the earliest as
>>  advised by GLEP 42.  Feedback welcome as usual.
>
> Do you have any timeline in place for the change happening in tree (in
> particular for stable users).

++

In particular we should avoid both of these scenarios:
1. Stable users make a change now which breaks their existing config
(because the change isn't deployed to stable yet).
2. Stable users get the news item today, and the change six months
later after they've forgotten about it.

I'm not sure whether either applies in this case.

-- 
Rich

Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Kristian Fiskerstrand 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 01/04/2016 09:41 AM, Kristian Fiskerstrand wrote:
> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>> Hi!



> 
> Such a change should really be avoided if possible. Would it be 
> possible to have a conditional approach where either one can be 
> used, or maybe set the new variable/defin if the old one is used?
> 

Maybe I'm thinking things too difficult, why not just define both -D
PHP and -D PHP5 in the transition period and suggest this config for
any change?

- -- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWinPkAAoJECULev7WN52FFkYH/2f9v5dnKeS4nX3mP+ZnzwkY
YpV2W0l8WNN1ZHfM4nsf/zKPw7eJqYFFryaYYtiNebvN37SpjaqdCrn78l1/mJYI
JfKH6Aj7QNi3LuGR0B30yKhDMF6Q5Yu56rtXuweHCdX25zOoTkQAQ8S5n9OOLORP
DP4J0hgc+HQZrMkZMUZGTrToFX91ffQazE/e/ryXROCNO/g8vZBpbCbTC6PuSpMp
z5foF2sD4cfcccvVf0vG4NKwIhFqYPZkvMM8/yYbuj61ZGGf0HtCXBpK4fNLgQKc
nKqVUzKY69YY76oi2sS+GDmEPQohCMTzSdhQztNXGKrTmzz5tccVnqCMlLd8kn4=
=0KpH
-END PGP SIGNATURE-

Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Kristian Fiskerstrand 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 01/04/2016 02:30 PM, Kristian Fiskerstrand wrote:
> On 01/04/2016 09:41 AM, Kristian Fiskerstrand wrote:
>> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>>> Hi!
> 
> 
> 
> 
>> Such a change should really be avoided if possible. Would it be 
>> possible to have a conditional approach where either one can be 
>> used, or maybe set the new variable/defin if the old one is
>> used?
> 
> 
> Maybe I'm thinking things too difficult, why not just define both
> -D PHP and -D PHP5 in the transition period and suggest this config
> for any change?
> 

And while at it, in additional to news item, this should likely follow
a few version upgrades as elog messages before actually being
implemented anywhere

- -- 
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
-BEGIN PGP SIGNATURE-

iQEcBAEBCgAGBQJWin+hAAoJECULev7WN52FNGYIAIK5xZEaBvUzR9YCyzSphnI/
ymh6i+wUnzcCjX4TYpC5c05yp3nzLTXvKsaNFuMos43ZqhjTG6hny72waIZ5RRmM
KI1XORRItoOHiat6xuYrOg8S9vf881AJnS/w6XhRVkL1MrtGLrUbV2De/5Z7V1PU
3j0M702inkbPHoV3JfRv97ZZmupazCSj7rfrrwcvUFqjKFZNFU4zK76rAwRXYfSk
ZKC7MSAx6lfhcNmy8boUoFMnFwyimkI06hN8ZhaosexkSYqT5HeOUMrX2bpKtXF/
69Ky3bd8Vs8/f9WTqtjf3GJC/iBs1/gpxgSu7/hpy69yFoffLE9VsKe1xHSd3n4=
=C5MO
-END PGP SIGNATURE-

Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Brian Evans 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 1/4/2016 3:41 AM, Kristian Fiskerstrand wrote:
> On 01/04/2016 01:26 AM, Sebastian Pipping wrote:
>> Hi!
> 
> 
>> Better late then never.  Posting 72 hours from now the earliest
>> as advised by GLEP 42.  Feedback welcome as usual.
> 
> Do you have any timeline in place for the change happening in tree
> (in particular for stable users).
> 
> 
>> Without updating APACHE2_OPTS, websites could end up serving PHP
>>  code (include configuration files with passwords) unprocessed to
>>  website visitors!
> 
> 
> Such a change should really be avoided if possible. Would it be 
> possible to have a conditional approach where either one can be
> used, or maybe set the new variable/defin if the old one is used?
> 
> 

The problem is really two-fold with the new eselect-php.

For future compatibility (to not have this happen again with say
PHP8), the PHP team changed the symlink created by eselect to be
libphp.so instead of the current libphp${MAJOR}.so.

The user must also reselect with `eselect php set X`, even for the
current PHP versions and not just 7.

mjo explored the option of "Define PHP" but
that is apache-2.4+ only.

If we wanted a "compatibility" layer, it would be the same section
repeated until 2.4 was the only version available.  That might confuse
users even more.

Brian
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)

iQIcBAEBAgAGBQJWioraAAoJENH3ge/59KO2wNUQAKThJz1QBjOvOmi0ClluVxt8
Lt0fbibQXIgZScJy5zqeOwX3EAUDqBST8sonNhJ8uQT4qbU8gwdYK6vhoDbJS0sX
oNzbdwxumSwNBsi4UCl/D0Dj+XefgIyvmgGBZ0RA8t0x8Ls3uQB6DWI1f36Z3wAs
ULqJc38+d1e5pmNu3jpc5tvG2ybvaVVGbWmNiOI8rafFV12KIsRMDHdDCG4DpkQD
bmWLYTv44Nt5nSY2wmLQQAV57kB2PsaaT0qlQciVhKiqOUA+qlmI0dtM3LLSNitK
dqKWNj7WTQFBM1SLHXD0s4CQk9XhFB9E07zelcB5zuC9XeYj1mbrn9aEtfl5lfVs
hHHJQ97MG3u/XwPTHY04J6wfoaQW4dwaQd74Pz48qJ2DqSW9HV8UTS2enF5cuZok
mFfd+xexHvcz45jyz83BtXM4mRWdHBDdy/3fYEvN12wVgU4hQcjDTKKPwpO3Btsb
uyCar+SgoHoRIEQhfDytnT0Idte2GifCysPq7hG12j+efwT7pt0XXk+TZQaH/opZ
FWRzOvjXZXd41M3RQ7H5D+KXrKV3uY4mE41rceEUXrw9PQrueg6Cw5ujK/opawrv
a8qonCtx7LZrEzYLagCYEBDPdgvxHWzIBb0vdgYoRVzSRwoJiAA66dbRuqC7s34G
JM84VqrtPsaCktCq6vw3
=/gh0
-END PGP SIGNATURE-

Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Peter Stuge 
Kristian Fiskerstrand wrote:
> Maybe I'm thinking things too difficult, why not just define both -D
> PHP and -D PHP5 in the transition period and suggest this config for
> any change?

Because it mostly just defers the problem.

If the desire is to move away from PHP5 then I would suggest to force
a failure when starting Apache, if PHP5 is defined when PHP is required.

Ie. fail closed.

I can be talked into supporting the idea to only print a warning when
PHP5 is set and to not fail (no source served) for some period of
time until which the forced failure starts, if PHP5 is still set.

Don't fail open, fail closed. Since manual interaction is required
some people will forget or overlook it, and will get a failure.

I would introduce the failure right away, but maybe a warning will
make some happy who would otherwise have gotten a failure.


//Peter

Re: [gentoo-dev] Re: News item: Apache "-D PHP5" needs update to "-D PHP"

2016-01-04 Thread Rich Freeman 
On Mon, Jan 4, 2016 at 9:20 AM, Kristian Fiskerstrand  wrote:
>
> And while at it, in additional to news item, this should likely follow
> a few version upgrades as elog messages before actually being
> implemented anywhere
>

I don't want to be too prescriptive with the solutions.  However,
clearly /some/ kind of orderly transition is necessary.  News before,
an elog, etc.  And that news needs to be timely - not 12 months before
stable mysteriously breaks one day, unless it is safe to make the
change before the update.  I'd leave it up to the maintainer to decide
whether it is more work to coordinate the timing around all the
communications or to have a more graceful transition so that the
timing isn't as critical.

-- 
Rich