What is Canonical's LTS support policy for EOL software?

security policy

I'm using PHP 5.3 and need to remain on PHP 5.3 for the foreseeable future. Please don't suggest upgrading -- for my setup, it's simply not possible at this stage.

I'm currently evaluating which OS to choose for my new server. I'd prefer to use Debian Wheezy (on which I'd leverage apt's pinning system to pull PHP 5.3 packages from Squeeze), but the latest Ubuntu LTS includes PHP 5.3 and is supported until 2017.

Here's what I'm wondering: PHP 5.3 goes EOL in less than a year. When it's abandoned, will Canonical abandon it as well, or will they backport security fixes from PHP 5.4+ (where applicable) until 2017?


Solution 1:

PHP is in the main repository.

$ apt-cache policy php5
php5:
  Installed: (none)
  Candidate: 5.3.10-1ubuntu3.6
  Version table:
     5.3.10-1ubuntu3.6 0
        500 http://nl.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     5.3.10-1ubuntu3 0
        500 http://nl.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

and supported for 5 years:

$ apt-cache show php5 | grep ^Supported
Supported: 5y

Canonical's definition for software in this repository is:

Main

The main component contains applications that are free software, can be freely redistributed and are fully supported by the Ubuntu team. This includes the most popular and most reliable open-source applications available, many of which are included by default when you install Ubuntu. Software in main includes a hand-selected list of applications that the Ubuntu developers, community and users feel are most important, and that the Ubuntu security and distribution team are willing to support. When you install software from the main component, you are assured that the software will come with security updates and that commercial technical support is available from Canonical.

So, yes, the policy is to provide security updates to PHP for five years, independently of what PHP is doing. This is not unique to Canonical, but also Red Hat, Debian and other distributions backport security patches for newer versions.

I don't think that point releases of Ubuntu LTS will upgrade to PHP 5.4 - it may be available as a separate package though. See also What are point releases in LTS versions?

Related

How to type Malayalam in Ubuntu?
How to increase Scrollback lines in Ubuntu(14.04.2) server edition?
Xubuntu 18.04 kernel takes long to boot
How can I change the font of the top bar without changing the shell theme?
How to reset font size in ubuntu 14.04?
VirtualBox not starting after kernel upgrade
Where is the persistent option for Startup Disk Creator in 16.04?
Abiword starts automatically each restart
Joystick acts as mouse; won't stop
How do I add a slider to an AppIndicator?
shopt works in command line, not found when run in a script
Skype 2.2.0.25 keeps switching off