Hi, > Is it possible to support these versions properly for our > users as long as there is security/LTS support for our releases?
the PHP 7.0 will be supported like any other package in Debian - the security fixes will be cherrypicked and applied for the lifetime of Debian stretch. Then the LTS team will (or will not) take over. > Lots of applications require php 7.1 or 7.2 these days. As > there is no official backport, the only option right now is > to use CentOS with SCLs PHP 7.0 and 7.1 are gone from unstable and testing and PHP 7.2 will be removed as soon as the transition to PHP 7.3 is finished. That means the only version of PHP that’s backportable according to Debian backport rules would be PHP 7.3. If somebody else wants to do the backport, feel free to do so, I am not blocking anyone to do the work. As a fact, all the PHP packages could be compiled as far as to Debian Jessie and Ubuntu Trusty (which means jumping through more hoops than strictly necessary). I am just declaring there’s only so much time one person can have, so I am not doing the official PHP backport. > I know that there is > https://deb.sury.org - but prefer to trust stuff that was > built on Debian machines and is distributed/signed with a > key we trust. Shrug, all the packages that I upload to Debian and to the DPA are signed by the same key - mine. > Will there be a proper solution for that soon? That’s very vague - there’s already a proper solution in place - backporting the security fixes is the *Debian way* of maintaining packages in stable. The exception of uploading new PHP patch releases to stable is well an exception and it took some time and effort to negotiate it. Cheers, Ondrej -- Ondřej Surý <ond...@sury.org> > On 16 Oct 2018, at 17:06, Bernd Zeimetz <be...@bzed.de> wrote: > > Hi, > > we (as in several customers and I) are wondering about the status > of php support in Debian. > > * According to http://php.net/supported-versions.php upstream > security support for 5.6 (jessie) and 7.0 (stretch) will be gone > soon. Is it possible to support these versions properly for our > users as long as there is security/LTS support for our releases? > > * Lots of applications require php 7.1 or 7.2 these days. As > there is no official backport, the only option right now is > to use CentOS with SCLs. I know that there is > https://deb.sury.org - but prefer to trust stuff that was > built on Debian machines and is distributed/signed with a > key we trust. > > > Will there be a proper solution for that soon? > > > Thanks, > > Bernd > > > -- > Bernd Zeimetz Debian GNU/Linux Developer > http://bzed.de http://www.debian.org > GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
