I'm using PHP 5.3 and need to remain on PHP 5.3 for the foreseeable future. Please don't suggest upgrading — for my setup, it's simply not possible at this stage.
I'm currently evaluating which OS to choose for my new server. I'd prefer to use Debian Wheezy (on which I'd leverage apt's pinning system to pull PHP 5.3 packages from Squeeze), but the latest Ubuntu LTS includes PHP 5.3 and is supported until 2017.
Here's what I'm wondering: PHP 5.3 goes EOL in less than a year. When it's abandoned, will Canonical abandon it as well, or will they backport security fixes from PHP 5.4+ (where applicable) until 2017?
Best Answer
PHP is in the main repository.
and supported for 5 years:
Canonical's definition for software in this repository is:
So, yes, the policy is to provide security updates to PHP for five years, independently of what PHP is doing. This is not unique to Canonical; Red Hat, Debian and other distributions also backport security patches for newer versions.
I don't think that point releases of Ubuntu LTS will upgrade to PHP 5.4 - it may be available as a separate package though. See also "What are point releases in LTS versions?"