I argue that this is a security risk. An unknowing user who upgrades to Stretch would be happy that his php code continues to run... but he suddenly is running on unsupported software. And any future security updates to php will be silently ignored by his system.
By upgrading to Stretch he probably thinks he's doing 'the right thing' to stay secure... not so for this part :( Could apt-listchanges atleast mention this? Or https://www.debian.org/releases/stable/amd64/release-notes/ The nicest thing would be if we could get the same set of packages installed for php7 .. e.g. also replace php5-curl by php7.0-curl But I can see the risk of incompatibilities. -- Met vriendelijke groet / Regards, Herman van Rink Initfour websolutions