Hello, On Sat, 2 Feb 2019 at 02:08, Alice Wonder <al...@librelamp.com> wrote: > I do not like composer. A problem I have encountered, a project > specifies a version for a dependency. > > That version has vulnerability, developer fixed it in newer release, but > composer keeps pulling in the older version because that is what > composer provides. > > And it can be the dependency of a dependency of a dependency. > > I do not like Composer. > > Adding a "recognition page" while cutting PEAR off also seems, well, slimy.
Frankly, this is irrelevant. If you don't use Composer, that's your choice. PEAR isn't maintained and will cause similar issues all the time. Not removing this installation option from php-src in the near future means maintaining patches for all that time this option will be present in the PHP and shipping separate pear package for all Linux distributions. I don't like the sound of that. -- Peter Kokot -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php