When will MySQL and PHP been updated for Debian 8?

News and discussion about development of the Debian OS itself

When will MySQL and PHP been updated for Debian 8?

Postby w-sky » 2016-11-02 13:32

MySQL 5.5 and PHP 5 are outdated and insecure - my question is, will they be updated within the Debian 8 updates in "foreseeable" time, or should all admins running Debian 8 as a server update them manually? :?
w-sky
 
Posts: 3
Joined: 2016-11-02 13:20
Location: Berlin

Re: When will MySQL and PHP been updated for Debian 8?

Postby dasein » 2016-11-02 13:41

w-sky wrote:...my question is, will they be updated within the Debian 8 updates in "foreseeable" time

No.

w-sky wrote:, or should all admins running Debian 8 as a server update them manually? :?

No.
User avatar
dasein
 
Posts: 7369
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: When will MySQL and PHP been updated for Debian 8?

Postby kedaha » 2016-11-02 14:25

w-sky wrote:MySQL 5.5 and PHP 5 are outdated and insecure - my question is, will they be updated within the Debian 8 updates in "foreseeable" time, or should all admins running Debian 8 as a server update them manually? :?

Are you referring to existing vulnerabilities or have you found others which should be reported to the Debian Security Team. Debian 8 only receives security updates but you might consider installing mysql from jessie-backports if you need any features not available using the current stable packages; for example:
Code: Select all
$ rmadison  mysql-server mysql-client |grep jessie-backports
mysql-client | 5.6.30-1~bpo8+1 | jessie-backports         | all
mysql-server | 5.6.30-1~bpo8+1 | jessie-backports         | all
User avatar
kedaha
 
Posts: 2589
Joined: 2008-05-24 12:26

Re: When will MySQL and PHP been updated for Debian 8?

Postby w-sky » 2016-11-02 16:32

No I'm referring only to known vulnerabilities and drawbacks. For example, PHP 7 is twice as fast as PHP 5 – this alone is a major reason to upgrade – and PHP 5 latest version still has options that when enabled can cause a security risk.
Wordpress.com recommends using MySQL 5.6 or greater and they surely have their reasons too. https://wordpress.org/about/requirements/
w-sky
 
Posts: 3
Joined: 2016-11-02 13:20
Location: Berlin

Re: When will MySQL and PHP been updated for Debian 8?

Postby pylkko » 2016-11-02 19:25

those issues were already addressed in this thread and are things that people maintaining a server should already know.... Reiteration: Security Team takes care of known vulnerabilities. PHP 7 will not be available on Debian 8. it's less safe to use backported or your own install manually/from source than the one in the repository, but at the end of the day that's your call
User avatar
pylkko
 
Posts: 882
Joined: 2014-11-06 19:02

Re: When will MySQL and PHP been updated for Debian 8?

Postby Zill » 2016-11-02 21:06

w-sky: Please see "Don't suffer from Shiny New Stuff Syndrome" in the Debian Wiki.
User avatar
Zill
 
Posts: 18
Joined: 2011-03-25 16:16
Location: Lincolnshire, UK

Re: When will MySQL and PHP been updated for Debian 8?

Postby debiman » 2016-11-03 19:37

w-sky wrote:For example, PHP 7 is twice as fast as PHP 5
proof, reports, examples?
– this alone is a major reason to upgrade –
maybe you should switch to archlinux as your server environment, then.
and PHP 5 latest version still has options that when enabled can cause a security risk.
i daresay this holds true for php7, too. and all other software.
in any case, since you know these risks, don't enable them?
Wordpress.com recommends using MySQL 5.6 or greater and they surely have their reasons too. https://wordpress.org/about/requirements/
wordpress is a known vulnerability all by itself. lol.

pylkko wrote:Reiteration: Security Team takes care of known vulnerabilities. ... it's less safe to use backported or your own install manually/from source than the one in the repository

this.
User avatar
debiman
 
Posts: 961
Joined: 2013-03-12 07:18

Re: When will MySQL and PHP been updated for Debian 8?

Postby pylkko » 2016-11-03 19:57

Actually php7 is pretty much exactly, no more no less, 2x faster than 5.6
User avatar
pylkko
 
Posts: 882
Joined: 2014-11-06 19:02

Re: When will MySQL and PHP been updated for Debian 8?

Postby w-sky » 2016-11-04 01:31

pylkko wrote:Actually php7 is pretty much exactly, no more no less, 2x faster than 5.6

Yes – I installed PHP7 on my Debian 8 server and my Wordpress site now loads in 2.4s instead of 4.5s. I guess I will upgrade to Debian 9 next year anyway.
w-sky
 
Posts: 3
Joined: 2016-11-02 13:20
Location: Berlin

Re: When will MySQL and PHP been updated for Debian 8?

Postby debiman » 2016-11-04 18:18

w-sky wrote: I installed PHP7 on my Debian 8 server

and are you going to keep this secret all for yourself, or will you share the solution, so others can benefit from it?
remember, these forums are a 2-way street.
User avatar
debiman
 
Posts: 961
Joined: 2013-03-12 07:18

Re: When will MySQL and PHP been updated for Debian 8?

Postby stevepusser » 2016-11-04 20:20

https://www.dotdeb.org/2015/12/04/php-7 ... or-jessie/

These may cause problems if you plan an upgrade in place to Stretch, though. It depends on how they implemented the backports.
The MX Linux repositories: Backports galore! If we don't have something, just ask and we'll try--we like challenges. New packages: AzPainter 2.0.4, Pale Moon 27.3.0, Liquorix kernel 4.10-2, mpv 0.25.0, Kodi 17.1, Ksnip 1.3.1, Mesa 13.0.6
User avatar
stevepusser
 
Posts: 8201
Joined: 2009-10-06 05:53

Re: When will MySQL and PHP been updated for Debian 8?

Postby pylkko » 2016-11-04 20:22

The secret is using either a third party repo or frankendebian. In other words, no secret at all.
User avatar
pylkko
 
Posts: 882
Joined: 2014-11-06 19:02

Re: When will MySQL and PHP been updated for Debian 8?

Postby millpond » 2016-11-19 22:51

PHP and MySQL are crucial features of web site hosting servers that no sysadmin in their right minds would 'update' according to the whims of upstream providers. It would destroy their businesses almost immediately.

The reason is that enterprise website software is often created by independent developers, or if used as a pre-existing package like Drupal can be massive in size and complexity, and not take too well to updates messing with their modifications and specialized scripts.

Some ecommerce sites, even my own are running software over a decade old, and are not about to pay thousands in developer fees because some propellorhead tells the owners it may save a second or so on loading time, when their hardware is fast enough so that it is not an issue.

For blog software like Wordpress which must always be updated, and where software mods are actively discouraged, this may not be a problem - but for ecommerce sites stability instead of 'new' features is what keeps them in business.

Edited to add:
Things would not be so bad if newer versions of LAMPP programs had a history of coexisting with legacy code. But PHP for example has the notoriety of crashing due to 'deprecated' function names. And even perl needs certain switches set to avoid that problem. Not sure about MySQL or Apache though.

If you should ever consider developing websites or hosting utils - it would be well so see what software versions of the LAMPP stack are preferred at the time. The good news is that some hosts will permit differing versions of PHP and I believe mySQl for their customers.
millpond
 
Posts: 582
Joined: 2014-06-25 04:56

Re: When will MySQL and PHP been updated for Debian 8?

Postby RoyFokker » 2016-12-07 00:31

w-sky wrote:MySQL 5.5 and PHP 5 are outdated and insecure


Wow, Mysql 5.5.5 used in stable was released in late 2010! See:
http://dev.mysql.com/doc/relnotes/mysql ... 5-5-5.html
2010-07-06

The geniuses in the linux cult performs such nonsense all the time -- it is their default setting. Generally they like to waste monumental effort making millions of useless window managers, and backporting security fixes and bugfixes from software they want to hold hostage for about 4-6 years in time in a semi-frozen state under the deluded notion that it is more secure. Meanwhile stuff that is missing or annoying never gets dealt with and only gets worse. How could it, they are too busy making too many desktop environments that are lacking and don't work together beceause herrr-derr "freedom to suck", trying to patch dinosaur software that upstream doesn't care about as they stopped supporting it, etc.?

Don't try to argue with true believers of this cult. Instead go to your local Scientology center for sane conversation. Anyway maybe on the server that approach has merit, but there is no reason why home users should be using four to six year old versions of browsers, torrent clients, crappy outdated word processors that anyway cannot interact with documents that most the world creates anyway, etc. Frankly these people don't care and will suffer with nonsense and inferiority as long it is open-source inferiority.
RoyFokker
 
Posts: 206
Joined: 2008-07-05 10:56


Return to Debian Development

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable