Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:24209
Return-Path: <dirk@haun-online.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 60562 invoked by uid 1010); 25 Jun 2006 09:42:25 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 60547 invoked from network); 25 Jun 2006 09:42:25 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Jun 2006 09:42:25 -0000
X-PHP-List-Original-Sender: dirk@haun-online.de
X-Host-Fingerprint: 80.67.18.44 smtprelay06.ispgateway.de Linux 2.4/2.6
Received: from ([80.67.18.44:46268] helo=smtprelay06.ispgateway.de)
	by pb1.pair.com (ecelerity 2.1.1.3 r(11751M)) with ESMTP
	id FC/5A-02438-E7A5E944 for <internals@lists.php.net>; Sun, 25 Jun 2006 05:42:23 -0400
Received: (qmail 10085 invoked from network); 25 Jun 2006 09:42:19 -0000
Received: from unknown (HELO [192.168.0.100]) (050981@[84.161.53.29])
          (envelope-sender <dirk@haun-online.de>)
          by smtprelay06.ispgateway.de (qmail-ldap-1.03) with SMTP
          for <internals@lists.php.net>; 25 Jun 2006 09:42:19 -0000
To: <internals@lists.php.net>
Date: Sun, 25 Jun 2006 11:38:59 +0200
Message-ID: <20060625093859.26255@smtp.haun-online.de>
X-Mailer: CTM PowerMail version 5.2.3 build 4406 German
 <http://www.ctmdev.com>
Organization: Terra Software Systems
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Subject: Status of PHP 4.4.3?
From: dirk@haun-online.de ("Dirk Haun")

Hi,

I'm wondering what happened to the planned release of PHP 4.4.3. The
original release date (May 30th) has long passed and I haven't seen any
response to Pierre's recent questions about the status of the release.
=46rom what I can see[1], no new release candidates were released either.
Are there any issues preventing this release from happening=3F If so, I
haven't seen them mentioned here.

=46rankly, I find that kind of worrying. PHP 4.4.3 is supposed to fix a
number of security issues that were fixed in PHP 5 eight weeks ago. Many
of our users are still running on PHP 4 which means that they are all
vulnerable and can't do anything about it (usually because their hosting
services don't want to upgrade to PHP 5 for one reason or another).

PHP has been criticised a lot for its security issues in the past, but
it has gotten a lot better over the recent months, thanks to all of your
hard work. Please don't put that at risk by delaying what can only be
described as a critical security update.

If I may add: Sometimes, discussions on this list give the impression
that at least some of you would rather stop developing PHP 5 and move on
to PHP 6 ASAP. While I can understand how attractive this must be,
please don't forget that a lot of us out there in the "real world" are
still dealing with PHP 4, legacy code, and hosting services that don't
even want to upgrade to PHP 5 just yet for fear of breaking their
customer's applications.

So unless the proverbial killer application comes along that makes
everybody switch to PHP 5 by the end of the week, please take into
account that it's not looking like PHP 4 will go away anytime soon, as
much as you may want to leave it behind.

Please note that this is not meant as a "PHP sucks" or "PHP's security
sucks" comment. This is just a friendly reminder that there are people
out there that are still deploying applications that will have to run on
PHP 4 and a plea for not neglecting that part of your user base.

Thanks for your attention.

regards,
Dirk Haun
(Maintainer, Geeklog 1.x)

[1] We're one of the projects on the PhP4zy list; in fact, PHP 4.4.3RC1
is installed on the machine I'm posting this from.


-- 
http://www.geeklog.net/
http://geeklog.info/