[pkg-php-pear] Bug#831418: #831418 EOL: not to be released with Stretch
Markus Frosch
lazyfrosch at debian.org
Sun Aug 21 12:26:52 UTC 2016
Control: severity -1 important
On 25.07.2016 13:11, Markus Frosch wrote:
> Hey all,
> this is a interesting problem, while looking on the 3 dependent packages. (see below)
>
> We have 3 choices to go on:
>
> 1. Still provide zendframework 1 in a separated path, so it won't conflict with ZF2/3
> 2. Embed needed code into the packages, and drop the full library
> 3. Remove all 3 packages from stretch
>
> I'd prefer to go with #1, there should not be any major security issues in the future with the code base.
>
> And if so, we should be able to tackle them.
>
> I would love to hear the opinion of the security team on the matter.
>
> Regards
> Markus
>
>
> ## icingaweb2
>
> The integrations of Zend in terms of controllers/templates is not that big of a problem. Zend_Form is integrated tightly into the application.
>
> Any adaption to ZF2/3 will need rewriting, that is not simple and certainly not a drop-in replacement in terms of functionality.
>
> ## postfixadmin
>
> Zend_Xmlrpc_Server is used to provide API functionality, this is not a must for the package.
>
> But adapting to ZF2/3 will cause rewriting the XMLRPC interface.
>
> ## php-letodms-lucene
>
> The package is relying on Zend_Search_Lucene to index documents and search them.
>
> A removal of ZF1 will cause massive problems here. Question is: who uses the package?
Until I hear other DDs opinion on my thoughts, I'd prefer not to remove zendframework from Debian.
Downgrading bug to important.
David: What do you think? ZF2+3 is not a drop-in replacement for ZF1.
Cheers
Markus Frosch
--
markus at lazyfrosch.de / lazyfrosch at debian.org
http://www.lazyfrosch.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160821/a33a74f2/attachment.sig>
More information about the pkg-php-pear
mailing list