On 10/10/2025 09:25, James Titcumb wrote:
The short version of that discussion is that PEAR is maintained by
someone else; the PEAR group apparently is separate from the PHP
group, as I understand it.
The PEAR website has a list of members of the PEAR Group, but says that
they were elected for a one-year term in 2009:
https://pear.php.net/group/ I'm not sure whether elections were
abandoned after that, or if the page was just not updated.
The "News" page ends in 2007, but links to a now-defunct WordPress blog,
which seems to have been maintained until 2018, after which I can't find
any official announcements at all:
https://web.archive.org/web/20181102164127/https://blog.pear.php.net/
The "pear-dev" list has had 3 threads this year, only 1 of which
actually got a helpful response:
https://news-web.php.net/group.php?group=php.pear.dev The "pear-general"
list has had only 1 message this year, which went unanswered:
https://news-web.php.net/group.php?group=php.pear.general
The RSS activity feeds are mostly broken, but comparing archived package
lists, I think the most recently approved package was Date_Holidays_Peru
in 2019; and before that, File_Therion in 2016.
I also had a look through the list of around 80 third-party channels
here: https://pear.php.net/channels/ Other than pear.php.net and
pecl.php.net, I could find only 8 that looked like they might still be
usable.
- https://empir.sourceforge.net/pear/
- https://pear.horde.org/
- https://pear.michelf.com/
- https://openpear.org/
- https://phpseclib.sourceforge.net/pear.htm
- https://pear.phpundercontrol.org/
- http://pear.timj.co.uk/
- https://github.com/Smarre/antlrphpruntime
The remainder are either non-existent/squatted domains, or projects
whose installation instructions refer only to Composer, or occasionally
PHAR downloads.
There are still references to "PEAR2" and "Pyrus" here and there, but
https://pear2.php.net doesn't even resolve
Everything points to the entire project being essentially unmaintained:
there are people here and there keeping the lights on, but little else.
Since it was for a long time promoted as the official package manager
for PHP, I think the PHP project has some responsibility - imagine, for
instance, if there was a security breach of pear.php.net.
I think as well as removing references in the manual and php-src, we
should at minimum work to add disclaimers to the site that it is no
longer officially endorsed by PHP, and perhaps pointing to a migration
guide to Composer.
--
Rowan Tommins
[IMSoP]
