Bug#1036313: php-slim-psr7: Useless (and harmful) dependency on (recent) php-symfony-polyfill-php80

2023-05-20 Thread William Desportes

Control: forwarded -1 https://salsa.debian.org/php-team/pear/php-slim-psr7/-/commit/d2e579fa2202265888baf9649cadce7f924fd93b
Control: found -1 php-slim-psr7/1.6.1-1~bpo11+1

Hi David,

This is a complicated subject that I already brought to you, but there is no 
easy solution.

First, for the backports version: thank you for reporting this bug!
There is no change impacting the library in the diff: 
https://github.com/symfony/polyfill-php80/compare/v1.22.0...v1.26.0
Lowering the version was already done for phpMyAdmin's PPA for Ubuntu jammy.
So I lowered the required version to symfony/polyfill-php80 1.22 available in 
Bullseye to fix this bug.


Secondly, the subject that needs to be addressed: Users do what they want and 
use PHP libraries on different versions than Debian was shipped with.
This is something some people want to avoid thinking about, but it's a reality.
- First point: Technically from a packaging standpoint, there is no way to 
block a library or app's usage with another version than the one shipped by 
Debian.
It's only a deb file.
- Second point: if we could do that, the user could still run a library or app 
on a different PHP version.

The only way is that the code must protect itself from being run on another 
version of PHP.
So if "pkg-php-tools" autoloader tool would add some code in the autoloader to 
ensure PHP classes are not run on a different PHP version then yes we can drop the 
polyfill libraries.
The code would be protecting itself and we would avoid problems like: 
https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/2016016

The top stack solution we had to do on Ubuntu since one library did screw up 
its packaging was to force phpMyAdmin to require PHP 8.
Since the code did not protect itself, this all resulted in a crash.
Ref: 
https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/phpmyadmin/+git/phpmyadmin/+merge/442711

I am awaiting the proper changes in Debian's packaging tools to be able to move 
out of polyfills.

PHP multi version support is complicated. Users do what they want. And as a 
maintainer of the tools, I have the angry users to handle when the proper 
safeties and polyfills are not in place when they decide to use another PHP 
version to run the tool/library packaged.

https://github.com/phpmyadmin/phpmyadmin/issues/17523 and 
https://github.com/phpmyadmin/phpmyadmin/issues/17503 reflect that.

I will not be dropping the dependency on the polyfill because upstream is 
requiring it, and because users will run the code on other versions.
And you cannot even argue with the users, who will not understand. Upstream 
says it supports PHP 7.4 so it does: 
https://github.com/slimphp/Slim-Psr7/blob/1.6.x/composer.json#L31
And makes the polyfill required.
The users do not even know how things are packaged and will blame you for it 
anyway.
Conclusion: I am not considering going blind about what users do with their 
Debian and Ubuntu releases. They install tools from other sources. Ref: deb 
sury for other PHP versions.

I hope you understand, maybe something can be done to ensure the code protects 
itself, for example adding a bit of code to abort execution when it's used on 
another version than, for example:
- The php constraint on composer.json 
(https://github.com/slimphp/Slim-Psr7/blob/1.6.x/composer.json#L31)
- Or the Debian shipped version of PHP

Let me know your thoughts.

--
William
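
The kind of self-protection check proposed in the message above, sketched as an added example (not code from pkg-php-tools, Slim-Psr7 or this thread). The function names and the sample constraint string are assumptions made for illustration, and only `^X.Y` and `>=X.Y` terms joined by `||` are handled.

```php
<?php
// Hypothetical guard a generated autoloader could run before registering classes.
// SUPPORTED_PHP is a constructed sample, not read from any real composer.json.
const SUPPORTED_PHP = '^7.4 || ^8.0';

// True if $version satisfies one term of the form "^X.Y" or ">=X.Y".
function termMatches(string $term, string $version): bool
{
    if (!preg_match('/^(\^|>=)\s*(\d+(?:\.\d+){0,2})$/', trim($term), $m)) {
        throw new InvalidArgumentException("Unsupported constraint term: $term");
    }
    [, $op, $min] = $m;
    if (version_compare($version, $min, '<')) {
        return false; // older than the lower bound
    }
    if ($op === '>=') {
        return true; // no upper bound
    }
    // Caret term: must stay below the next major version (PHP majors are never 0).
    $nextMajor = ((int) explode('.', $min)[0] + 1) . '.0.0';
    return version_compare($version, $nextMajor, '<');
}

function phpIsSupported(string $constraint, string $version): bool
{
    foreach (explode('||', $constraint) as $term) {
        if (termMatches($term, $version)) {
            return true; // any one alternative is enough
        }
    }
    return false;
}

function assertSupportedPhp(string $constraint = SUPPORTED_PHP): void
{
    // Build the version from integer constants so distro suffixes cannot interfere.
    $running = sprintf('%d.%d.%d', PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION);
    if (!phpIsSupported($constraint, $running)) {
        throw new RuntimeException("PHP $running is outside the supported range ($constraint); refusing to load.");
    }
}

// Constructed sample versions, then the real check against the running interpreter.
foreach (['7.3.33', '7.4.0', '8.2.7', '9.0.0'] as $v) {
    printf("%-7s %s\n", $v, phpIsSupported(SUPPORTED_PHP, $v) ? 'load' : 'abort');
}
assertSupportedPhp();
```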



Bug#1036313: php-slim-psr7: Useless (and harmful) dependency on (recent) php-symfony-polyfill-php80

2023-05-19 Thread David Prevot
Package: php-slim-psr7
Version: 1.6.1-1
Severity: important

Hi William,

php-slim-psr7 in Bookworm depends on php-symfony-polyfill-php80, that’s
useless because Bookworm already ships PHP 8.2. pkg-php-tools provides
the proper overrides to *not* depend on php-symfony-polyfill-php80, so
you must be doing something to include it nonetheless, please drop your
changes.

Also, php-slim-psr7 is deployed on backports, depends on
php-symfony-polyfill-php80 (>= 1.26) that is not available on Bullseye
(even on backports), so it can’t be installed (and since it’s a
phpmyadmin dependency, phpmyadmin can’t be installed either from
backports).

Regards,
-- 
David Prévot
Marseille (37 rue Guibal, Pôle Média, 13003) / Paris / Montréal
http://evolix.com | Twitter: @Evolix @EvolixNOC | http://blog.evolix.com