[vox-tech] Risks of upgrading past CentOS 6 supported PHP 5.4?

Wed Jun 1 21:51:56 PDT 2016

On 05/18/2016 08:58 PM, Dr. Larry Ozeran wrote:
> I am Googled out (repeatedly finding the same sites) and the impressive
> expertise on this list gives me high hopes that someone here has an
> answer or a reference.
>
> I have found many sites talking about how to upgrade from PHP 5.4 (which
> appears to be the last CentOS 6 supported version of PHP) to later
> versions using webtatic. [https://webtatic.com/packages/php55/] What I
> have been unable to learn are the risks of doing so.
>
> Does anyone know any downsides to using the webtatic PHP packages on
> CentOS 6?

I've seen many machines with ugly configurations related to cpanel, 
custom php installs (sometimes more than one), and fragile very hard to 
reproduce apache configurations.

Although I guess I shouldn't complain, they get hacked and I get consulting.

The main problem being that OS packages are upgraded regularly, if you 
build it yourself you really should be tracking the patches/upgrades for 
anything you compile your self daily or at least weekly.  In most 
environment that just isn't practical.

Normally I'd just recommend upgrading the OS when a major package is too 
old.  Sadly upgrading to CentOS 7 doesn't get you newer than PHP 5.4.16. 
  Pretty sad that CentOS 7 has a PHP from 2012.  Ubuntu 14.04 LTS 
includes 5.5.

Ubuntu 16.04 LTS include PHP 7.0.4.

So supporting a custom PHP or doing a major OS switch to a Debian (or 
derivative) could be a difficult decision.

I do suggest a full backup before you do anything, it could be quite 
painful if things go awry.  You didn't mention if it was a virtual 
server or physical.  If virtual it could be a fairly quick experiment to 
try any of your options without breaking the original.

Sorry, no easy answer from me.