Safest place to get latest Apache and PHP or switch to debian?

I'm a relatively new Ubuntu user and would like to use the latest version of PHP 5.6 and Apache 2.4

I've been using the latest versions of Apache and PHP on Windows without any problems for a few years now, but I'm switching to Ubuntu since they provide better performance.

I've noticed that the versions in Ubuntu are older, I've read some tutorials and some people recommended to install Ondřej Surý PPA's.

I've read that PPA's can contain malicious software and such, and since I'm not familiar with his PPA's I'm asking for advice about (his) PPA's on here.

I've read that he is an official maintainer for some of the Debian packages. I was wondering if his packages for Ubuntu have a big user share and if they are safe to use. (e.g. is there anyone else that contributes to his PPA's or that checks for possible malicious code)

Note: I don't want to suggest he can't be trusted or anything, but I'm just curious and careful ;)

Additionally since Debian keeps up with the latest versions of Apache and PHP I'm considering switching to that, since it has more people contributing and using their packages.

I know how to use the command line and the text editor nano quite well (I run Ubuntu server after all ;)

My question is, how hard is it to switch to Debian? Is it comparable to running ubuntu server, as in I install software with apt-get and configure it with a text editor? or is it more like having to edit source code and compile stuff my self?


Solution 1:

The safest place to get the software you seek would be from the Ubuntu Repositories (as for PHP and Apache, Security Patches are applied by the Security Team to all the releases where a security issue exists), or directly from the upstream projects by downloading the source code in a tarball and compiling it.

On Ubuntu, the PPAs from Ondrej for the PHP versions are actually OK to use. Ondrej is one of the maintainers for the Debian package and also the Ubuntu package as a result of his Debian efforts, and he has worked on Ubuntu bugs at times in PHP5 as well (Debian QA page for php5 where Ondrej is listed in the maintainers and uploaders). His PPAs are safe to use, and in fact on some systems I use them in production still when I need the older versions of PHP. (Or in rare cases, I backport the latest from Debian myself, but I'm a power user so...)

However, the only true 'trusted' way to get the latest software is to download the latest source code and compile it yourself for everything. Your next 'trusted' way is to use the repositories for the OS you have (such as Ubuntu, which the Security Team will provide patches and updates for via the security repositories for Ubuntu to keep security holes patched up).


Ubuntu is actually derived from Debian, such that it operates much the same as a Debian system would with a wide number of changes. The only way to get the 'latest and greatest' PHP and Apache is to use Debian Unstable provided the package maintainers are extremely current on releasing updates (which usually is NOT the case given Debian freezes and such, just like Ubuntu has).