[onion2k]

I don't hate the programming language. PHP is a great language that I used for a decade before moving over to the frontend. I don't use it any more but I work in a company that does and I see good results when it's deployed. This is not about PHP (or Python, or Ruby, as they also have built-in httpd servers).

What I hate is the idea of putting something on a server that's going to make my life harder, or create more work for my team. I don't want the developers I work with having to give up their evenings or weekends to resolve issues and incidents that arose from things shouldn't have existed in the first place. That's why I don't want additional network services sneaking their way on to production. I should very easily be able to tell which applications on a server are listening to external traffic.

Maintaining good security is hard enough without language runtimes including things that should strictly only ever be a development dependency rather than a production dependency.

If there are pills I can take to make this problem go away, sign me up.

[Sysosmaster]

How does a feature of the Command line version of php impact developers? Developers should not run applications on production machines themselves (either its a script, a deployement agent / engine or a operations guy that does that work (including devops guy with operations)).

As for security you must keep up with the capabilities of the tools you use. Php has been able to run as a webserver for years (even before 5) all they did is implement a good sane dev server to run php code without setting up a complex php environment (that is probably less secure).