Bug 912332 - =dev-lang/php-8.0.30: security stabilization
Summary: =dev-lang/php-8.0.30: security stabilization
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Michael Orlitzky
URL:
Whiteboard:
Keywords: CC-ARCHES, SECURITY, STABLEREQ
Depends on:
Blocks: CVE-2023-3823, CVE-2023-3824
Reported: 2023-08-16 00:02 UTC by Michael Orlitzky
Modified: 2023-09-12 14:20 UTC
CC: 2 users

See Also:
Package list:
dev-lang/php-8.0.30
Runtime testing required: ---
nattka: sanity-check-
Description Michael Orlitzky gentoo-dev 2023-08-16 00:02:28 UTC
Please stabilize the latest dev-lang/php-8.0.30 as it fixes two security issues.
Comment 1 Rolf Eike Beer archtester 2023-08-27 10:52:55 UTC
sparc done
Comment 2 David Seifert gentoo-dev 2023-09-09 19:03:48 UTC
8.0 has been masked now.
Comment 3 NATTkA bot gentoo-dev 2023-09-09 19:08:29 UTC
Unable to check for sanity:

> package masked: dev-lang/php-8.0.30
Comment 4 Vasilis Lourdas 2023-09-12 13:44:39 UTC
So, just like that, version 8.0 is simply dropped?
Comment 5 Michael Orlitzky gentoo-dev 2023-09-12 13:52:29 UTC
(In reply to Vasilis Lourdas from comment #4)
> So, just like that, version 8.0 is simply dropped?

The PHP team is empty + there's a backlog of PHP work + v8.0 was EOL upstream 9 months ago and isn't receiving the bugfixes that it needs to remain usable on Gentoo = yes.
Comment 6 Vasilis Lourdas 2023-09-12 13:58:00 UTC
(In reply to Michael Orlitzky from comment #5)
> (In reply to Vasilis Lourdas from comment #4)
> > So, just like that, version 8.0 is simply dropped?
> 
> The PHP team is empty + there's a backlog of PHP work + v8.0 was EOL upstream
> 9 months ago and isn't receiving the bugfixes that it needs to remain usable
> on Gentoo = yes.

Version 8.0 is supported until November 26th 2023 (security-wise), but it is officially supported by upstream. So, from my point of view, it is not EOL. Likewise, PHP 7.4 should have been removed many months before, back in 2021, but it was just recently masked.

I understand that the lack of resources is an issue, but in this case, dropping a still supported version IMHO is not a solution to this problem.
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-12 14:00:35 UTC
(In reply to Vasilis Lourdas from comment #6)
> (In reply to Michael Orlitzky from comment #5)
> > (In reply to Vasilis Lourdas from comment #4)
> > > So, just like that, version 8.0 is simply dropped?
> > 
> > The PHP team is empty + there's a backlog of PHP work + v8.0 was EOL upstream
> > 9 months ago and isn't receiving the bugfixes that it needs to remain usable
> > on Gentoo = yes.
> 
> Version 8.0 is supported until November 26th 2023 (security-wise), but it is
> officially supported by upstream. So, from my point of view, it is not EOL.
> Likewise, PHP 7.4 should have been removed many months before, back in 2021,
> but it was just recently masked.
> 

It's EOL in 2 months and upstream haven't patched it for OpenSSL 3 *and* have no intention of doing so. I don't see what we can do about that. We're not gifted with powers of altering reality.
Comment 8 Vasilis Lourdas 2023-09-12 14:05:29 UTC
(In reply to Sam James from comment #7)
> (In reply to Vasilis Lourdas from comment #6)
> > (In reply to Michael Orlitzky from comment #5)
> > > (In reply to Vasilis Lourdas from comment #4)
> > > > So, just like that, version 8.0 is simply dropped?
> > > 
> > > The PHP team is empty + there's a backlog of PHP work + v8.0 was EOL upstream
> > > 9 months ago and isn't receiving the bugfixes that it needs to remain usable
> > > on Gentoo = yes.
> > 
> > Version 8.0 is supported until November 26th 2023 (security-wise), but it is
> > officially supported by upstream. So, from my point of view, it is not EOL.
> > Likewise, PHP 7.4 should have been removed many months before, back in 2021,
> > but it was just recently masked.
> > 
> 
> It's EOL in 2 months and upstream haven't patched it for OpenSSL 3 *and*
> have no intention of doing so. I don't see what we can do about that. We're
> not gifted with powers of altering reality.

Ok, so why don't you remove the ssl flag and the openssl-1.1 dependency altogether? At least the user will be able to run a project with PHP 8.0.
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-12 14:11:53 UTC
Users are free to unmask it and set USE=-ssl if they want. But there were some projects which hard-required SSL on whatever PHP version they had, which made it more complicated to try to retain PHP-without-SSL support.