Am 22.06.20 um 03:02 schrieb Valeri Galtsev: > > <bigsnip> > > This should hopefully explain that PHP version 5.6, even patched by > doing its best RedHat still may have undiscovered and not fixed bugs > with security implications. One can argue, the probability of that is > low. But there is no way to prove that there are none, the same as one > can not prove an opposite. AFAIK, RH proactively do eval and fuzzing on software packages and is an active reporter of security vulnerabilities to upstream projects. But what I wanted to say; with Appstreams in EL8 the life cycle changes drastically. AFAIK, everything outside of BaseOS repo does not have the 10 years support. PHP 73 support ends Nov 2021 in EL8 but its supported by the PHP.NET until 6 Dec 2021. Albeit not a big difference but shows the changed game rules. -- Leon