On Mon, Jun 22, 2026 at 9:19 AM Gina P. Banyard <[email protected]> wrote:

> We still have a bit of time anyone else to propose additional
> deprecations, and if you have write access feel free to add them directly
> to the RFC.
> Please note that with the new RFC policy rules the RFC must be finalized
> and in a "frozen" state by the 13th of July at the latest.
>

 Before I add it to the RFC, I wanted to get a quick temperature check on
whether people think it is finally time to deprecate and eventually remove
open_basedir?

The argument is that it's an old "hack" designed in an era when most people
ran php on shared hosts via mod_php (Apache) under the same username,
necessitating a way to separate users.
For any hosting provider prioritizing security, better solutions exist now
(VPC, php-fpm with different user pools, etc...) Therefore, this solution
has outlived its usefulness and only adds complexity & overhead to file
operations across the codebase.

-- 
Ilia Alshanetsky
Technologist, CTO, Entrepreneur
E: [email protected]
T: @iliaa
B: http://ilia.ws

Reply via email to