Safety and feasibility of running old software in a Docker container

I’m kind of new to Docker, but I’ve recently been given a lot of projects running old PHP software (5.4-5.6), and have had a lot of trouble getting them running on modern hardware and software. Sure, it’s tortuous fun to try to find and get old or insecure libraries to compile and work (hopefully without compromising your computer), but because our Giant Employing Corporation (GECko) won’t let us upgrade, we’re having to build our dev boxes locally from junkyards.

I’d prefer to just set up Docker containers for these old repos so that any new developer can easily spin them up… but I’m not sure how feasible or even secure this is currently.

For instance, I can find various existing Docker containers with PHP 5.4 or 5.6, but considering I don’t know what’s actually on them, that could be a security risk. Otherwise I build my own containers and run whatever commands or scripts I need to “install” the old outdated software on them from the internet… if they’re still available from authoritative sources (like php.net etc) even if I have to compile binaries.

Can you drop your knowledge or speculation or hunch on this? To clarify, my concerns are twofold: how trustworthy should we consider existing containers of old PHP software, and what’s the feasibility of creating them with the way PHP 5’s required libraries are nowadays?
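
One check that bears on the first concern, added here as an example and not part of the original post: a tag such as `5.6` can be re-pushed with different content, while an `@sha256:` digest names one exact image, so a team that has inspected an image can pin it and get the same bytes on every developer machine. The script below lists `FROM` lines that are not pinned; the function names, the sample Dockerfile, the `example.invalid` registry and the all-zero digest are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Dockerfile base images that are not pinned by digest.

# Placeholder digest (64 zeros), constructed; not a real image digest.
PLACEHOLDER_DIGEST="$(printf '%064d' 0)"

# Constructed sample Dockerfile; image names are illustrative only.
sample_dockerfile() {
cat <<EOF
# legacy app image (constructed sample)
FROM php:5.6-apache AS base
FROM --platform=linux/amd64 example.invalid/legacy/php@sha256:${PLACEHOLDER_DIGEST} AS pinned
FROM base AS app
from scratch
FROM debian
EOF
}

# Print "<line>: <image>" for each FROM whose image lacks a full sha256 digest.
# Skips "scratch" and references to build stages declared earlier in the file.
unpinned_bases() {
  awk '
    toupper($1) == "FROM" {
      img = ""; stage = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^--/) continue                 # flags such as --platform=...
        if (img == "") { img = $i; continue }
        if (toupper($i) == "AS" && i < NF) { stage = tolower($(i + 1)); break }
      }
      if (img == "") next
      known = (tolower(img) in stages)           # "FROM base" reuses a stage
      if (stage != "") stages[stage] = 1
      if (known || img == "scratch") next
      n = index(img, "@sha256:")
      hex = (n > 0) ? substr(img, n + 8) : ""
      # A usable pin is exactly 64 lowercase hex characters.
      if (length(hex) != 64 || hex !~ /^[0-9a-f]+$/) printf "%d: %s\n", NR, img
    }
  ' "$@"
}

# Demo run on the constructed sample; pass a real Dockerfile path instead.
sample_dockerfile | unpinned_bases
```

Pinning only guarantees that the image does not change after it has been reviewed; it says nothing about what the image contained in the first place.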