Hi, Le 18/06/2016 à 16:32, Mathieu Parent a écrit :
> Some other things may break, but I'll vote still vote for this patch, > as only 6 packages depends on it. > > David, what do you think? I disagree, and stand to what I’ve written in the last changelog entry: Actually fixing the constructors requires to also fix all their calls, both internally and externally. This backward-incompatible change has been achieved in version 2 of phpseclib, packaged in Debian as php-phpseclib to ensure co-installability. (Closes: #819420) From http://phpseclib.sourceforge.net/: The 2.0 branch has pretty much the exact same API as the 1.0 branch, save for that it is namespaced, uses PHP5-style constructors (thereby avoiding E_DEPRECATED errors) and requires the use of an autoloader. A proper fix to the deprecated constructor syntax is maintained upstream, provided in Debian via php-phpseclib (version 2). If you want to use it, you should depend on php-phpseclib instead of php-seclib (helping various upstreams to move away from version 1 to version 2 will probably be a better use of our collective time than patching the version 1 ourselves). Regards David
signature.asc
Description: OpenPGP digital signature