Bug 176459
Summary: | RFE: php-pear bundles unnecessary packages in main RPM; slim it down? | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 4 | Reporter: | Greg Swallow <greg> | ||||
Component: | php | Assignee: | Joe Orton <jorton> | ||||
Status: | CLOSED NEXTRELEASE | QA Contact: | David Lawrence <dkl> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 4.0 | CC: | jhughes, joshkel | ||||
Target Milestone: | --- | Keywords: | FutureFeature | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Enhancement | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-02-03 08:55:08 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Greg Swallow
2005-12-23 00:50:57 UTC
To be honest, I think php-pear should contain only Pear. All those other items (except OS_Guess) can be updated seperately and at some time for software compatibility might need to be. I believe that php-pear should be handled exactly like perl ... the main package contains only perl, and all add-on modules are packaged seperately. Archive_Tar, Console_Getopt and XML_RPC are dependancies of PEAR - see http://pear.php.net/package/PEAR/download/ Perl also provides more than just 'perl' - check 'rpm -q --provides perl' Sorry, I think I misunderstood what you meant. If you're asking they be packaged in 4 rpms instead of 1, then I think that's an arguement best discussed on the Fedora bug report of which this is a clone of, or starting a new one. Created attachment 122567 [details]
patch for php.spec
The patch aboove works to build a php-pear without the extra modules. It looks like the unneeded modules were removed in php-4.3.11 - http://marc.theaimsgroup.com/?l=php-dev&m=111454931632260&w=2 - "It was becoming increasingly difficult to maintain the bundles, and because older versions were often bundled, it introduced potential security risks as well." Changing severity to 'security', as that's the gist of the mailing list post from the PHP developer above. I looked but didn't find specific cases of security issues with the bundled versions of DB, Mail, HTTP, Net_SMTP, Net_Socket and XML_Parser, but is it not better to be as proactive as they were? Thanks for filing the bug. PEAR packages cannot be removed from php-pear in an update to RHEL4 since this would break working configurations (which may rely on the presence of said packages). In a future RHEL release, the changes made in Fedora Core to split out and strip down the php-pear package will be picked up. |