[Freedombox-discuss] The Status of PHP
Danny Haidar
haidar at freedomboxfoundation.org
Fri Jan 4 18:35:18 GMT 2019
Hi everyone,
An important subject was discussed in the IRC channel today, and I want
to bring it to the attention of the community.
Over the course of a discussion about the long-standing desire to
integrate Nextcloud into FreedomBox (and, as a precondition, into the
Debian ecosystem), Jonas brought up a broader criticism of software
written in PHP. Here it is in brief: software written in PHP cannot be
reliably run without supervision. Since FreedomBox is designed to be a
server system that requires no administration, PHP's occasional
requirement of supervision conflicts with our goal of self-administration.
I want to make sure that we don't ignore this point the next time we
discuss packaging Nextcloud, WordPress, or any other software written in
PHP. I know that we have plenty to discuss pertaining to the Buster
freeze in the coming weeks, but we should add this concern to an
upcoming call agenda.
Jonas shared some helpful resources to explain the criticism:
https://security.stackexchange.com/questions/643/why-do-people-say-that-php-is-inherently-insecure
https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/
Best,
Danny
--
Danny Haidar*
Vice-President for Product & Development
FreedomBox Foundation
* Not admitted to practice in any jurisdiction.
Nothing in this email constitutes legal advice.
I cannot establish any attorney-client relationships.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/freedombox-discuss/attachments/20190104/35047409/attachment.sig>
More information about the Freedombox-discuss
mailing list