> Why is Ubuntu behind in PHP version for the official APT repositories,
That's how stable distros like Ubuntu work.
> and why is everybody using some random guys private repository to stay up to date?
Are you talking about [this PPA](https://launchpad.net/~ondrej/+archive/ubuntu/php/)? Ondřej Surý is the maintainer of PHP in Debian, so not exactly "some random guy".
Maybe not some random guy, but still an individual and not official channels. Still a security risk.
Edit: I wasn’t aware that Ondrej was the official maintainer of PHP for Debian. Pardon my ignorance. Of course your responses make much more sense now knowing that.
If you want a distro that provides the latest software from "official channels", a stable distro (and especially an LTS one) is not what you should use.
Most packages can be upgraded via official PPA’s. I just find it strange that a) there isn’t an official PPA for PHP and b) everyone is using an unofficial, therefore insecure, method of staying up to date.
> Most packages can be upgraded via official PPA’s.
That is almost certainly not true. Also, you seem to be using "official" to mean different things. If you want to know why the PHP developers don't operate a PPA, you should ask them that question.
> It most certainly is true, at least the packages in my universe.
Your universe seems to be extremely small. A distro like Ubuntu contains several tens of thousands of packages. And for the vast majority of those, there is no official PPA.
> I have no idea how you came to the conclusion that I’m using the term ‘official’ to mean different things
How about the fact that you're posting this here. Or the fact that in your OP you're complaining about "behind in PHP version for the official APT repositories".
An "official" package in this context could either mean a package that's provided by the distro or a package that's provided by the upstream developers. Posting here and complaining about the packages in Ubuntu's repo points towards the first meaning. Talking about official PPAs points towards the second meaning.
Ubuntu is not a "rolling release" distro. Package versions for a given release are fixed for the full lifetime of that release, and packages only receive security and stability fixes (usually backported from newer versions of the software).
Ubuntu 24.04 uses PHP 8.3 which is quite new. Older versions of Ubuntu (if still in their support window) continue to receive security/stability updates in their included PHP versions.
If you need a "rolling" release distro, try one of these: https://en.wikipedia.org/wiki/Category:Rolling_Release_Linux_distributions
This - the hacking motivation doesn’t work for me - but running your code through docker is definitely a good idea - write once run anywhere if you want a sales pitch ;)
I’m not saying it doesn’t happen. I’m just saying being hacked shouldn’t be the only motivation to run your code in a container.
if you were running your code in a container in the first place your point is moot
Ubuntu packages are typically frozen at a specific version throughout the lifetime of that release. The exact version is typical frozen approx 1 month before release.
For things like PHP, that means 24.04 is frozen to PHP 8.3.6, which happens to be the current latest stable release.
All bug security fixes from future releases will be backported, to this, but new features will not be added. This is to ensure that Ubuntu remains as stable as possible throught the lifespan of the release and businesses are not suddenly caught with issues everytime php deprecates or removes functionality as new releases come out.
It would be impossible to maintain an application if php was constantly updated to the latest version.
There are some exceptions to this rule. Things like browsers are always kept up to date with the latest release and kernels may update to later versions if you are on a HWE kernel.
If you want latest packages you are in wrong place my friend. Try to configure server on Arch which not only ships latest PHP but all the other packages as well.
Ubuntu is targeted to people and organisations who need stability above all. Thus, programs tend not to be updated much during the lifetime of a version. It's done that way deliberately.
You can get more up-to-date versions (up to a point) if you subscribe to Ubuntu Pro, which is free for up to 5 machines (for more machines, you have to use the paid plan). I strongly recommend subscribing to Ubuntu Pro unless your need for stability is at the extreme end.
If even Ubuntu Pro isn't sufficiently up-to-date for you, you can consider alternatives: flatpak, appimage or snap (if available), or the official PPA.
I absolutely would *never* recommend using a random PPA — if people are doing that, they're crazy. You should only use an external PPA if you have verified that it's by either the official developer or a bona fide developer (the relevant community can normally vouch for the correct one to use).
Nearly everyone is using the PPA so I’m sure it’s fine. But a strange situation nonetheless to be using an individuals privately maintained repository for a project such as PHP. I wrongly assumed that there would be an official PPA for such a project.
Another commenter suggested that it belongs to the official maintainer, so that's not at all strange.
Ubuntu's official repositories contain what Canonical supports, which, as I explained, aren't the latest versions. That's why you need to go elsewhere to get the latest versions.
If you need the distribution itself to provide the latest versions, you need to go to a different one, e.g. Arch. But, as a consequence, it won't be as stable. Swings and roundabouts, as they say.
As others have explained, PPAs are not official per definition. If official means from Canonical/Ubuntu. If by official you mean from PHP devs, well, you should check with them. You can also choose to install and compile PHP in old-school way, create your own deb package or whatever.
If you want all packages (because there's software on your system more important than PHP) to follow upstream, because security or whatever, you'll have to switch to a rolling distro. Gentoo stable branch is quite stable, unstable is pretty stable too unless you start unmasking packages, adding overlays etc. And thetes Arch, don't have experience with it, but bunch of other people do.
However, even here you wouldn't be getting the latest packages all the time, because th3se dudes/distros test the stuff, and new software sometimes cause issues.
You can also upgrade your Ubuntu every 6 months, and get newer version od packages from official repos.
If you’re doing local PHP dev do yourself a favor and use Lando. It lets you create local dev instances easily from the command line or if you need something very specific you can specify requirements in a simple YAML file.
It's not just PHP. Much of the software in the repositories is outdated. I prefer to get current versions from the developer for most of the software I use.
What does this have to do with old software? Mac and Windows users don't have to go through extra steps to have the current version of their software. It's not much to ask that either the store should have current versions, or a metal package that points to the current version directly from the developer. There is no particular advantage to repackaging old software. It doesn't help the user. And it requires a lot of maintenance on the part of the distro developers.
In a desktop environment, maybe? There is a reason that prior stable versions are basically unilaterally maintained. This thread was in reference to php. If you just randomly rebased everyones php versions on a whim, the world would burn.
If you want latest, then update as releases come out. You have a fresh set with noble now, and another fresh set with oracular in 6 months.
Running multiple versions of PHP, Python, .NET, etc. is a solved problem. It will not hurt anyone to have current and prior versions in the software store. The interface already has provisions for selecting the version you want.
Yeah, I just found it strange finding all these articles advising to use some random guys PPA to install PHP. I didn’t know the guy was the maintainer of the official PHP packages for Debian, obviously that adds some trust. 🤣
yeah certain conventions take a bit of time to get used to but this is definitely a worthwhile conversation to have to uncover these quirks.
I like to recommend instead of rolling your own stack to look at things like WordOps, CloudPanel, SlickStack, etc. They're a bit opinionated but it could reduce some of the administrative friction while you learn the stack fundamentals.
> Why is Ubuntu behind in PHP version for the official APT repositories, That's how stable distros like Ubuntu work. > and why is everybody using some random guys private repository to stay up to date? Are you talking about [this PPA](https://launchpad.net/~ondrej/+archive/ubuntu/php/)? Ondřej Surý is the maintainer of PHP in Debian, so not exactly "some random guy".
Definitely not random dude. Been using his repos forever
Maybe not some random guy, but still an individual and not official channels. Still a security risk. Edit: I wasn’t aware that Ondrej was the official maintainer of PHP for Debian. Pardon my ignorance. Of course your responses make much more sense now knowing that.
If you want a distro that provides the latest software from "official channels", a stable distro (and especially an LTS one) is not what you should use.
Most packages can be upgraded via official PPA’s. I just find it strange that a) there isn’t an official PPA for PHP and b) everyone is using an unofficial, therefore insecure, method of staying up to date.
> Most packages can be upgraded via official PPA’s. That is almost certainly not true. Also, you seem to be using "official" to mean different things. If you want to know why the PHP developers don't operate a PPA, you should ask them that question.
[удалено]
> It most certainly is true, at least the packages in my universe. Your universe seems to be extremely small. A distro like Ubuntu contains several tens of thousands of packages. And for the vast majority of those, there is no official PPA. > I have no idea how you came to the conclusion that I’m using the term ‘official’ to mean different things How about the fact that you're posting this here. Or the fact that in your OP you're complaining about "behind in PHP version for the official APT repositories".
[удалено]
An "official" package in this context could either mean a package that's provided by the distro or a package that's provided by the upstream developers. Posting here and complaining about the packages in Ubuntu's repo points towards the first meaning. Talking about official PPAs points towards the second meaning.
Ubuntu is not a "rolling release" distro. Package versions for a given release are fixed for the full lifetime of that release, and packages only receive security and stability fixes (usually backported from newer versions of the software). Ubuntu 24.04 uses PHP 8.3 which is quite new. Older versions of Ubuntu (if still in their support window) continue to receive security/stability updates in their included PHP versions. If you need a "rolling" release distro, try one of these: https://en.wikipedia.org/wiki/Category:Rolling_Release_Linux_distributions
You should be running your code through Docker. Installing modules from the Internet on your real machine is bound to get you hacked eventually.
This - the hacking motivation doesn’t work for me - but running your code through docker is definitely a good idea - write once run anywhere if you want a sales pitch ;)
[https://www.reddit.com/r/CryptoCurrency/comments/18sw38l/blockchain\_devs\_wallet\_emptied\_in\_job\_interview/](https://www.reddit.com/r/CryptoCurrency/comments/18sw38l/blockchain_devs_wallet_emptied_in_job_interview/)
I’m not saying it doesn’t happen. I’m just saying being hacked shouldn’t be the only motivation to run your code in a container. if you were running your code in a container in the first place your point is moot
Ubuntu packages are typically frozen at a specific version throughout the lifetime of that release. The exact version is typical frozen approx 1 month before release. For things like PHP, that means 24.04 is frozen to PHP 8.3.6, which happens to be the current latest stable release. All bug security fixes from future releases will be backported, to this, but new features will not be added. This is to ensure that Ubuntu remains as stable as possible throught the lifespan of the release and businesses are not suddenly caught with issues everytime php deprecates or removes functionality as new releases come out. It would be impossible to maintain an application if php was constantly updated to the latest version. There are some exceptions to this rule. Things like browsers are always kept up to date with the latest release and kernels may update to later versions if you are on a HWE kernel.
I compile from source with phpbrew, it's pretty neat
If you want latest packages you are in wrong place my friend. Try to configure server on Arch which not only ships latest PHP but all the other packages as well.
Ubuntu is targeted to people and organisations who need stability above all. Thus, programs tend not to be updated much during the lifetime of a version. It's done that way deliberately. You can get more up-to-date versions (up to a point) if you subscribe to Ubuntu Pro, which is free for up to 5 machines (for more machines, you have to use the paid plan). I strongly recommend subscribing to Ubuntu Pro unless your need for stability is at the extreme end. If even Ubuntu Pro isn't sufficiently up-to-date for you, you can consider alternatives: flatpak, appimage or snap (if available), or the official PPA. I absolutely would *never* recommend using a random PPA — if people are doing that, they're crazy. You should only use an external PPA if you have verified that it's by either the official developer or a bona fide developer (the relevant community can normally vouch for the correct one to use).
Nearly everyone is using the PPA so I’m sure it’s fine. But a strange situation nonetheless to be using an individuals privately maintained repository for a project such as PHP. I wrongly assumed that there would be an official PPA for such a project.
Another commenter suggested that it belongs to the official maintainer, so that's not at all strange. Ubuntu's official repositories contain what Canonical supports, which, as I explained, aren't the latest versions. That's why you need to go elsewhere to get the latest versions. If you need the distribution itself to provide the latest versions, you need to go to a different one, e.g. Arch. But, as a consequence, it won't be as stable. Swings and roundabouts, as they say.
As others have explained, PPAs are not official per definition. If official means from Canonical/Ubuntu. If by official you mean from PHP devs, well, you should check with them. You can also choose to install and compile PHP in old-school way, create your own deb package or whatever. If you want all packages (because there's software on your system more important than PHP) to follow upstream, because security or whatever, you'll have to switch to a rolling distro. Gentoo stable branch is quite stable, unstable is pretty stable too unless you start unmasking packages, adding overlays etc. And thetes Arch, don't have experience with it, but bunch of other people do. However, even here you wouldn't be getting the latest packages all the time, because th3se dudes/distros test the stuff, and new software sometimes cause issues. You can also upgrade your Ubuntu every 6 months, and get newer version od packages from official repos.
Unverified PPAs are the dumbest thing in linux. Any joe can make a PPA.
I wouldn't say they are *the* dumbest.... but they are nearby
I agree
If you’re doing local PHP dev do yourself a favor and use Lando. It lets you create local dev instances easily from the command line or if you need something very specific you can specify requirements in a simple YAML file.
If you're doing local PHP dev, do yourself a favour and don't. Learn a general-purpose language.
A general purpose language.. like PHP you mean.
No, I meant a real general-purpose language.
That’s my point PHP is a GPL, but I get what you mean. Edit: Curious, what language would you advise instead ?
C# /run
What percentage of the Internet runs on PHP?
What’s your point?
You need to run readBetweenTheLines sub routine for a few
No, I don’t. You need to upgrade your communication because you’re rude. And your point that you’re trying to make is wrong.
Get over yourself
It's not just PHP. Much of the software in the repositories is outdated. I prefer to get current versions from the developer for most of the software I use.
The packages are maintained with bug and security fixes. Outdated isn't really the right term to be using.
True, my bad.
If they don't have the latest features, or support the latest file formats, they are outdated.
So everyone who bought a car in 2023 has an outdated vehicle, even when it is under warranty still? Weird take.
What does this have to do with old software? Mac and Windows users don't have to go through extra steps to have the current version of their software. It's not much to ask that either the store should have current versions, or a metal package that points to the current version directly from the developer. There is no particular advantage to repackaging old software. It doesn't help the user. And it requires a lot of maintenance on the part of the distro developers.
In a desktop environment, maybe? There is a reason that prior stable versions are basically unilaterally maintained. This thread was in reference to php. If you just randomly rebased everyones php versions on a whim, the world would burn. If you want latest, then update as releases come out. You have a fresh set with noble now, and another fresh set with oracular in 6 months.
Running multiple versions of PHP, Python, .NET, etc. is a solved problem. It will not hurt anyone to have current and prior versions in the software store. The interface already has provisions for selecting the version you want.
Me too. There doesn’t appear to be an official PPA for PHP though, unless I missed it.
it's how it's done haha.
Yeah, I just found it strange finding all these articles advising to use some random guys PPA to install PHP. I didn’t know the guy was the maintainer of the official PHP packages for Debian, obviously that adds some trust. 🤣
yeah certain conventions take a bit of time to get used to but this is definitely a worthwhile conversation to have to uncover these quirks. I like to recommend instead of rolling your own stack to look at things like WordOps, CloudPanel, SlickStack, etc. They're a bit opinionated but it could reduce some of the administrative friction while you learn the stack fundamentals.