We give our users the option of installing either the "development" or "production" ini files via the PHP_INI_VERSION variable. It defaults to the development version. The differences between the two are:

* error_reporting (E_ALL in dev, E_ALL & ~E_DEPRECATED & ~E_STRICT in prod)
* display_errors (on in dev, off in prod)
* display_startup_errors (on in dev, off in prod)
* mysqlnd.collect_memory_statistics (on in dev, off in prod)

The display_errors setting is a tiny bit sensitive, since it can leak details about a crashed application. Keeping in mind that dev-lang/php can get pulled in as part of e.g. mail-client/roundcube, I think it would be preferable to at least install the production ini by default.

The question then is, is it worth having an environment variable dedicated to twiddling those three other settings? I think not.

Another benefit to limiting ourselves to one ini file is that it becomes easier to patch it. Right now we have some crazy sed calls in the ebuild that could be patched instead (we would use a placeholder for EPREFIX). And while we're at it, I don't like setting session.save_path = "/tmp" by default since it lets other system users hijack sessions.

This would also let us patch opcache.validate_permission easier:

http://www.openwall.com/lists/oss-security/2017/02/27/4
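
A check for the directives singled out in the report above, as an added example that is not part of the original report or of the Gentoo ebuild: it parses a php.ini and flags display_errors, display_startup_errors and a session.save_path that points at a shared temp directory. The sample ini, the function names and the list of shared directories are constructed assumptions.

```python
import re

# Constructed sample resembling a "development" php.ini (not Gentoo's file).
SAMPLE_INI = """\
[PHP]
; display_errors = Off
display_errors = On
display_startup_errors = On
error_reporting = E_ALL
[Session]
session.save_path = "/tmp"
"""

TRUTHY = {"1", "on", "true", "yes"}
SHARED_TMP = {"/tmp", "/var/tmp"}  # assumption: world-writable on this host

def parse_ini(text):
    """Return {directive: value}; later assignments override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[":
            continue  # blank line, comment or section header
        m = re.match(r'([\w.]+)\s*=\s*(?:"([^"]*)"|([^;]*))', line)
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            settings[m.group(1)] = value.strip()
    return settings

def audit(text):
    """List findings for the directives the report calls sensitive."""
    s, findings = parse_ini(text), []
    for key in ("display_errors", "display_startup_errors"):
        if s.get(key, "").lower() in TRUTHY:
            findings.append(f"{key} is enabled: errors are shown to clients")
    # session.save_path may be "N;/path" or "N;MODE;/path"; keep the path part.
    path = s.get("session.save_path", "").split(";")[-1].rstrip("/")
    if path in SHARED_TMP:
        findings.append(f"session.save_path is {path}: shared with other users")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```
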
commit eb52e5fc00c55bb18c93beca65e3bf97a1f7ad45
Author: Michael Orlitzky <mjo@gentoo.org>
Date:   Tue Mar 21 13:50:27 2017 -0400

    dev-lang/php: new revisions to phase out PHP_INI_VERSION.

    These three new revisions install the "production" version of php.ini
    unconditionally. The changes between the two versions are minimal
    anyway, and the production version is safer for people who don't care.
    A warning will be emitted for users who still have the variable set.

    In addition, the 5.6 and 7.0 series will now cache their ./configure
    test results. This is based on a similar change made in 7.1, and
    should speed up the build a little.

    Gentoo-Bug: 530002
    Gentoo-Bug: 611214

    Package-Manager: Portage-2.3.3, Repoman-2.3.1