How can I access the package repositories?
The package repositories are private. Only customers of the service have access to them. See the documentation for details on how you can access them.
On how many servers can I use the package repositories?
There’s no limit on the number of servers where you can use our packages, even if you opt only for the “basic” offer. However if you have many servers, you are strongly encouraged to use some caching system (like apt-cacher or approx) and/or opt for the “pro” offer and run a private mirror of our repository.
What if I want to share the packages with my customers, but I can’t afford the “pro” offer?
In that case, you should tell your customers to subscribe to the service by themselves. If you want to spare them this administrative work, you can take multiple “basic” subscriptions: we will hand you multiple access tokens and you should dedicate one for each of your customer.
What is the difference between Freexian and Debian packages?
The main difference is the supported PHP versions. On Debian, there’s only a single supported PHP version, but on Freexian, multiple co-installable PHP versions are provided from the Freexian repository.
The other difference is in the way how the PECL extensions are packaged. There’s a single package for Debian and multiple versioned packages in the Freexian PHP repository.
What is the default PHP version on Freexian?
The default PHP version that gets installed when you type f.e.
apt install php-fpm follows the latest upstream PHP version with some delay. The default PHP version is usually switched to the new stable PHP version after few months of grace period when all extensions are built, and people report success running the latest PHP version.
What is the difference between Freexian and DEB.SURY.ORG?
There are two differences. The main difference is that the Freexian PHP repositories are guaranteed and officially supported, and the DEB.SURY.ORG is provided on a best effort basis.
Then the technical difference is in the Debian releases supported. The Freexian PHP repositories offer packages for all Debian releases, including those who are supported through LTS and Extended LTS, and for all Ubuntu LTS releases, including those who are in Extended Service Maintenance via Ubuntu Pro. With Freexian, you are getting a broader selection of supported Debian releases.
If you are already familiar with DEB.SURY.ORG packages, you should have no trouble using Freexian PHP packages.
What security support is provided?
Upstream security and stability fixes, as applied to PHP stable releases, are backported to the Freexian LTS supported PHP releases. This is essentially the same support that upstream PHP provides for their upstream-supported releases, but continued long after upstream PHP stops supporting them.
We review and triage security issues regularly, and apply patches according to impact and compatibility with the older PHP releases. This is done on a best-effort basis. Where an issue is not fixable, mitigations may be recommended.
Many security updates come with regression tests to ensure that they are fixed. These are usually backported with the patch, ensuring its correctness and avoiding future regression.
This is the same level of security support as is provided for PHP packages within regular Debian stable releases, by the same team.
What are you doing to avoid regressions from security updates?
We run PHP’s full regression test suite before updating PHP in the repositories, to reduce the risk of regressions.
Where can I see a list of security issues?
Applied fixes are documented in the Debian changelog of the package. You
can see it in e.g.
/usr/share/doc/php-7.4/changelog.Debian.gz on a system
where the package is installed.
The CVEs and their triaging decisions are are not published in a structured form, at this time.
How long will you support PHP releases after their end-of-life?
When a PHP release has support funded, Freexian will provide security support for it for up to 5 years after its publication. This is typically two beyond end-of-life, upstream.
Customers who are funding security support will get 1 year of notice before we drop support for old releases.
If a customer funding support wants to extend it beyond these 5 years, we could possibly do that on a case-by-case basis. If you’re interested, please shoot us a mail at email@example.com and we can look into it.
How long will your support Debian 8?
We will provide packages for Debian 8 for as long as Debian 8 is supported through Freexian’s Extended Long Term Support, so most likely until June 2025 (depending on customers’ interest).
How to switch from Debian PHP packages to Freexian PHP packages?
Using the Freexian PHP packages should be as simple as adding the private APT repository and running
apt update. Then to install, for example, PHP 7.4, you would run
apt install php7.4 or
apt install phpX.Y-fpm. The only thing you must be aware of is the difference between the default versions. If you already have the
php-fpm package installed, the
apt dist-upgrade command will co-install the default PHP version and upgrade the currently installed version.
How to switch from DEB.SURY.ORG packages to Freexian PHP packages?
Switching the source of the PHP packages from DEB.SURY.ORG to Freexian is very simple. Just add the Freexian private repositories to the APT source lists and remove the DEB.SURY.ORG repository. The next
apt update && apt upgrade will update the packages to the Freexian PHP packages.
What PECL extensions are provided?
Initially, only selected PECL extensions are provided in the Freexian PHP repository. As a customer, you have an option to request the addition the PECL extensions to the private repository based on your subscription level.
Check out the list of supported extensions.
How are the PECL extensions packaged?
For every PHP release (5.6, 7.x and 8.x), there’s a matching
phpX.Y-<ext> package. In addition to that, for compatibility reasons, there’s a single
php-<ext> package that depends on all individual PECL packages.
Which architectures are supported?
We always provide packages for the amd64 and i386 architectures. We aim to also provide support for armhf and arm64 but that support is only available on a subset of the Debian or Ubuntu releases. Please contact firstname.lastname@example.org if you want to check whether a specific architecture is suppported for the releases that are of interest to you.
I have more questions. Where do I send them?
Please get in touch with us at email@example.com.