PEAR server is down
A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered. The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the PEAR Blog once it's back online.
Edit: Horde, which was the dependent, has resolved. While PEAR is still down, the PEAR distribution bundled with apnscp is a separate release bundled with PHP mainline and not part of the breach. Few circumstances would necessitate downloading go-pear.phar off pear.php.net. This bears warning to heed following guides online, including this one. Always ask whether certain steps are necessary to maximize safety online.
This affects provisioning a pristine apnscp environment. Disable Horde until this is resolved. It can be disabled at installation time or with cpcmd
During installation:
curl https://raw.githubusercontent.com/apisnetworks/apnscp-bootstrapper/master/bootstrap.sh | bash -s - -s enable_horde=false
After installation fails:
cpcmd config_set apnscp.bootstrapper enable_horde false
upcp -b
PEAR is a repository for PHP libraries and applications managed by the PHP development team. It is unclear at this time when PEAR will be back up. Updates will be posted as they're known.
