On Mon, Jun 22, 2026 at 9:19 AM Gina P. Banyard <[email protected]> wrote:
> We still have a bit of time anyone else to propose additional > deprecations, and if you have write access feel free to add them directly > to the RFC. > Please note that with the new RFC policy rules the RFC must be finalized > and in a "frozen" state by the 13th of July at the latest. > Before I add it to the RFC, I wanted to get a quick temperature check on whether people think it is finally time to deprecate and eventually remove open_basedir? The argument is that it's an old "hack" designed in an era when most people ran php on shared hosts via mod_php (Apache) under the same username, necessitating a way to separate users. For any hosting provider prioritizing security, better solutions exist now (VPC, php-fpm with different user pools, etc...) Therefore, this solution has outlived its usefulness and only adds complexity & overhead to file operations across the codebase. -- Ilia Alshanetsky Technologist, CTO, Entrepreneur E: [email protected] T: @iliaa B: http://ilia.ws
