We currently import the php7.2 packages from an external repo and sync them to thirdparty/php72 (complemented with internal builds in component/php72). That worked fine for the initial import, but the latest packages have switched to versions of pcre3 and libzip which are not in stretch (but also part of the external repo). This is problematic, as it complicates updates a lot (we need to be extra careful that not new external dependencies trickle in) and also causes problems on our app servers where we co-host PHP7 and HHVM at the moment. One particular problem I ran into when doing initial tests on a deployment-prep app server is that the new libpcre packages from the external repo use the new style dbgsym mechanism while the existing HHVM debs are using the stock libpcre3-dbg from stretch. This could be fixed with a new HHVM build, but still causes some churn.
In the end using the verbatim debs from the external repo causes more work than also building php7.2 in component/php72, this way we ensure that the Stretch-specific versions of libraries are used and there's less impact on HHVM.