Is there any way to get a PHP 5.3 package for recent Debian versions (i.e. wheezy) which is still getting security support?

There are legacy projects which depend on register_globals() - and while we all recommend not using this and upgrading to PHP 5.4, there are situations where this is not possible.

Alex

1 Answer

Is there any way to get a PHP 5.3 package for recent Debian versions (i.e. wheezy) which is still getting security support?

No - at least, only for a limited time™:

You have to use the previous Debian release (in this case, squeeze) - php5.3 was the latest version in use there. Previous Debian releases get security updates for one year after the current release was promoted to stable.

So, this is more of a temporary, Band-Aid solution - unless you are running this internally, in a well-controlled and secured network, in which case this might under some circumstances be acceptable for some longer duration.

There are legacy projects which depend on register_globals() - and while we all recommend not using this and upgrading to PHP 5.4, there are situations where this is not possible.

You should've gotten rid of these years ago. register_globals() was realized to be a rather stupid thing back in PHP 4.3 (!). I can't imagine any situation where this should be absolutely necessary - internet/public-facing applications relying on this setting should've been refactored by now, and if it wasn't done because of "too much work", they would be well off to be rewritten from scratch anyway.

This leaves us only with human refusal and stubbornness. In this case, the people refusing must be made responsible for their decision: put them in charge of everything, for example, throw a box at the stubborn developer (not to be taken literally) and make him run his poor application by himself. And fence the heck out of this machine. This will still leave the data handled by the app possibly exposed.

These days, really not a good idea.

Roman
  • Yes, Full ACK - just wanted to have an aid on how to communicate that to the customer :) The project just was not touched by anybody for around 10 years... – Alex Jul 18 '13 at 16:13