this post was submitted on 18 Jan 2024
88 points (95.8% liked)

Linux

48017 readers
1008 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Will they keep patching old version of PHP?

all 29 comments
sorted by: hot top controversial new old
[–] [email protected] 44 points 9 months ago

They're waiting for Debian developers backporting the patches.

[–] [email protected] 35 points 9 months ago

In many cases, they will cherrypick security fixes and other major bugfixes from the bleeding edge version, and put those fixes in the old versions of the software.

This is the same thing the PHP folks would do while the old PHP is supported. Once the old PHP is out of support but Ubuntu LTS is still in support, then the Ubuntu folks have to put in the extra work to do the cherrypicking.

[–] [email protected] 27 points 9 months ago* (last edited 9 months ago) (1 children)

Only if there is such a huge vulnerability that they will have no choice.

That’s just my guess.

Promise of support is a tricky one.

[–] [email protected] 12 points 9 months ago

I love how people are up-voting your completely wrong "just a guess".

[–] [email protected] 20 points 9 months ago

Take up non-feature security-only maintenance.

This isn't hard. SCO and Sun did exactly this.

[–] [email protected] 12 points 9 months ago

I'd guess they'll do what Debian does with backports.
https://backports.debian.org/

[–] [email protected] 10 points 9 months ago

There are community backports (like Sury's Debian builds) for PHP, including a branch of PHP 5.6 originally released in 2014. Most other notable languages and major packages have something likewise as well, right down to major packages like Drupal 6. It's not always easy, but it's doable and the work is usually either already done or can be paid for.

Weird things that are truly too difficult to support are also often excluded. Eg Spectre/Meltdown fixes were non-trivial and had to be backported to a fairly wide range of things but that only went so far back. Some old systems just never got those fixes and instead have to be ran with a workaround ("don't run untrusted code"). I don't know how things are with the new offering but large complicated packages with lots of moving parts like OpenStack used to be excluded from the full extended support cycle before as well.

[–] [email protected] 7 points 9 months ago (2 children)

I would think "long term support" can also sometimes mean moving that support to a newer version, especially where it doesn't break compatibility.

[–] [email protected] 3 points 9 months ago

It usually involves "backporting" new fixes into old code.

[–] [email protected] 1 points 9 months ago

That would be the logical conclusion, but I believe Debian uses the old version for years after it's unsupported and might backport security fixes depending on how severe they are. Either way, I personally wouldn't trust Debian or Ubuntu to properly fix security issues with a program (or in this case, programming language) that they do not actively develop or maintain themselves.

[–] [email protected] 3 points 9 months ago

Either they add a new version of PHP or they backport the fixes.

[–] [email protected] 2 points 9 months ago (1 children)

I'm sure it'll be fine, just keep running the old version 🙃

[–] [email protected] 4 points 9 months ago

It will be fine. That's the entire point of an lts version. Ubuntu back ports security fixes to the old versions.