Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

So I develop PHP. The reason I don't use Debian stable is because the latest version of PHP on there is 5.4.41, which is behind the "old stable version". That means security fixes only.

No bug fixes that resolve problems, or modern functionality (that release is over a year old), and will be EOLd in 1 month. That means a big delta of change that will be needed to handled when debian finally does get round to upgrading. Large deltas of change mean lots of risk.

It's much better to stay further up the crest of the wave and handle more regular updates, to minimise the size of the risk I'm bringing into my code at each release, than it is to stick to an old version and not handle the stream of new functionality that's coming in as it arrives.



Debian Stable has 5.6.9 at the moment, https://packages.debian.org/jessie/php5 - and shipped with 5.6.7 initially.

Security updates for php5 in Debian seem to have changed from backporting security fixes to staying up to date on any given upstream minor branch, including other fixes. https://security-tracker.debian.org/tracker/source-package/p...


Gah, well there's that argument out the window. We tend to use docker on CoreOS here, so it's not much of an issue.

Maybe next time I stand up a real VM I'll look at using Debian stable then.


For more up to date PHP packages on Debian, try http://dotdeb.org


+1 for DotDeb. For Jessie I would use the stock packages.


From memory, Dotdeb won't be shipping PHP for Jessie until 7.0 is released, because as you say, the stock release is 5.6 already.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: