← Back to team overview

ius-community team mailing list archive

Re: state of IUS PHP packages on EL5

 

Thanks for the SSL info.  Things like that are why we previously decided that we would no longer accept new package requests for EL5.  Our mission is to backport new software to EL, but after a certain age it just becomes untenable.

I think you are mixing up Extended Update Support (EUS) [1] with Extended Life Cycle Support (ELS) [2].

* EUS is where Red Hat backports selectively backports security updates to individual point releases older than the current point release.  They have separate EOL dates from the main release.  For example, the last EUS release for EL5 was 5.9, and it was EOL'ed by Red Hat on 2015-03-31 [3], even though the main release (5.11) is still supported until 2017-03-31 [3].

* ELS is an optional add-on for RHEL.  It doesn't exist for CentOS, and we don't build IUS packages for it.  We archive all our packages for a EL major release once that release reaches the end of it's standard "Production Phase" [3].

[1] https://access.redhat.com/articles/rhel-eus
[2] https://access.redhat.com/solutions/690063
[3] https://access.redhat.com/support/policy/updates/errata/

Carl George
Rackspace RPM Development

________________________________________
From: Andy Thompson <me@xxxxxxxxxxxx>
Sent: Thursday, June 11, 2015 02:39 PM
To: Carl George
Cc: ius-community@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Ius-community] state of IUS PHP packages on EL5

Hi Carl,

Some thoughts on PHP 5.6 on EL5:

* PHP 5.6 introduces secure defaults for SSL/TLS connections from PHP (such as high strength ciphers including ECDHE based ones, TLS preference). RHEL/CentOS 5 have an old openssl package 0.9.8e, which doesn’t have support for these ciphers and TLS 1.1+ as well as no SNI support, so doesn’t provide the level of capabilities most PHP 5.6 installations would benefit from.
The defaults also severely limit the number of secure TLS 1.0 ciphers to I think just 3DES, which adds more cpu load.
Of course you could build it against a later openssl package if you were to add parallel package support, but then would need to maintain openssl. The same isn’t an issue for RHEL/CentOS 6.

* Though RHEL/CentOS 5 will effectively be EOL March 2017, RHEL offers Extended Upgrade Support subscriptions, offering support for servers 3 years beyond that. Whilst using this, RHEL servers would continue to get support for base packages, the IUS EL5 repository would effectively EOL php56u on that platform version before php56u becomes EOL, leaving EUS supported servers unable to update even when php.net is still releasing updates. I doubt EUS subscriptions are used much by servers using IUS though.

Regards

Andy

> On 10 Jun 2015, at 19:31, Carl George <carl.george@xxxxxxxxxxxxx> wrote:
>
> Howdy,
>
> PHP 5.4 will reach end of life in approximately three months [1].  After we reach that date, IUS will follow suite and move all of our php54 packages (including modules) to the archive.  This could present a problem for some IUS users, since we don't currently package php55u and php56u for EL5.  Users still on EL5 will not have any options for IUS php packages.  We've already decided that we will not offer any new packages for EL5 [2], but we are considering making a one-time exception for this situation.
>
> Relevant dates:
> 2015-09-14 - PHP 5.4 EOL
> 2016-06-20 - PHP 5.5 EOL
> 2017-03-31 - EL 5 EOL
> 2017-08-28 - PHP 5.6 EOL
>
> Here are the possible courses of action we could take.
>
> * Do nothing.
> - EL5 users will only have IUS PHP packages available until 2015-09-14.
> - That is a gap of 1 year and 6 months until EL5 reaches EOL with no IUS php packages.
>
> * Backport php55u to EL5.
> - EL5 users will only have IUS PHP packages available until 2016-06-20.
> - That is a gap of 9 months until EL5 reaches EOL with no IUS php packages.
>
> * Backport php56u to EL5.
> - EL5 users will have IUS PHP packages available for the remainder of the EL5 lifecycle (2017-03-31).
>
> The first option would be the easiest for us, but we can understand why it could be bad news for users.  Since we are making an exception to our previous decision, we don't think it is appropriate to backport both php55u and php56u; it will either be one or the other, or none at all.
>
> We would like the communities feedback before we make a decision.
>
> Carl George
> IUS CoreDev Team
>
> [1] http://php.net/supported-versions.php
> [2] https://lists.launchpad.net/ius-community/msg01207.html
> _______________________________________________
> Mailing list: https://launchpad.net/~ius-community
> Post to     : ius-community@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ius-community
> More help   : https://help.launchpad.net/ListHelp


Follow ups

References