Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:42184
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 8074 invoked from network); 8 Dec 2008 21:19:39 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 8 Dec 2008 21:19:39 -0000
Authentication-Results: pb1.pair.com header.from=ilia@prohost.org; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=ilia@prohost.org; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain prohost.org from 74.125.46.28 cause and error)
X-PHP-List-Original-Sender: ilia@prohost.org
X-Host-Fingerprint: 74.125.46.28 yw-out-2324.google.com  
Received: from [74.125.46.28] ([74.125.46.28:55726] helo=yw-out-2324.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7A/73-21816-A6F8D394 for <internals@lists.php.net>; Mon, 08 Dec 2008 16:19:39 -0500
Received: by yw-out-2324.google.com with SMTP id 5so561471ywb.83
        for <internals@lists.php.net>; Mon, 08 Dec 2008 13:19:38 -0800 (PST)
Received: by 10.65.38.12 with SMTP id q12mr3206210qbj.60.1228771178014;
        Mon, 08 Dec 2008 13:19:38 -0800 (PST)
Received: from ?192.168.1.111? (TOROON63-1176059019.sdsl.bell.ca [70.25.60.139])
        by mx.google.com with ESMTPS id 9sm11086573qbw.35.2008.12.08.13.19.35
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Mon, 08 Dec 2008 13:19:36 -0800 (PST)
To: Marcus Boerger <helly@php.net>
In-Reply-To: <38643451.20081208215354@marcus-boerger.de>
X-Priority: 3 (Normal)
References: <1228751251.3429.18.camel@goldfinger.johannes.nop> <057E0647-DE8E-4ACD-B5D5-2D2289B168CD@prohost.org> <38643451.20081208215354@marcus-boerger.de>
Message-ID: <32608D49-CB57-424A-8D6B-7CBE39669E16@prohost.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Mon, 8 Dec 2008 16:19:32 -0500
Cc: =?ISO-8859-1?Q?Johannes_Schl=FCter?= <johannes@php.net>,
 PHP Internals List <internals@lists.php.net>,
 Hannes Magnusson <bjori@php.net>
X-Mailer: Apple Mail (2.929.2)
Subject: Re: [PHP-DEV] About dropping magic_quotes in 5.3 (was: Re: [PHP-DEV] Re: PHP 5.2.7 + magic_quotes_gpc broken)
From: ilia@prohost.org (Ilia Alshanetsky)

How would that model relate to patch, minor, major release schemes we =20=

have right now. What you are proposing works for linux, where there is =20=

only one "branch" and they can effectively do the odd/even approach. =20
But, what would it mean for PHP and our current versioning schema?


On 8-Dec-08, at 3:53 PM, Marcus Boerger wrote:

> Hello Ilia,
>
>  given our current development model I completely agree. Thus I =20
> would like
> to change it as described earlier. I am convinced that only =20
> following the
> even=3Dstable & odd=3Ddev/testing model allows for longer =
maintenanance =20
> cycles
> and fast development at the same time.
>
> marcus
>
> Monday, December 8, 2008, 8:11:03 PM, you wrote:
>
>
>> In my opinion a big change like droping something that was and still
>> used by many people are a "security measure", albeit a poor one is
>> something that can only be done in a major release.
>
>> On 8-Dec-08, at 10:47 AM, Johannes Schl=FCter wrote:
>
>>> Hi,
>>>
>>> let's take this to a new thread so it'S not hidden in other
>>> discussions:
>>>
>>> On Mon, 2008-12-08 at 16:06 +0100, Hannes Magnusson wrote:
>>>>> I do not think it is necessary for 5.3. It is an alpha release =20
>>>>> after
>>>>> all and seriously, anyone who plans to move to 5.3.0 and still
>>>>> relies on magic quotes gpc is likely to have more issues as well.
>>>>
>>>> Time to turn it off by default then?
>>>
>>> Getting rid of magic_quotes would be really nice but has a very big
>>> "BUT".
>>>
>>> Many things (I won't call it "applications" or something...) out =20
>>> there
>>> are accidentially more or less safe due to magic_quotes. Many of =20
>>> these
>>> things were written by people with, at most, basic understanding of
>>> the
>>> what they are doing and now are running at some random hosting =20
>>> company
>>> on a $9.99/year (no idea what today's prices are)
>>>
>>> When dropping magic_quotes the hosting company can do one of two
>>> things:
>>>
>>> a) not update to 5.3 so we either have to maintain 5.2 for some time
>>> or
>>> let them have problems
>>>
>>> b) update to 5.3. Doing that means they break many of there =20
>>> customer's
>>> code. Now they could add a default filter to add quotes again, =20
>>> what's
>>> the win? Except that it will break magic_quotes-compatible code and
>>> makes it harder to detect?
>>>
>>> People won't fix the code - the code was "developed" by some web
>>> design
>>> company 5 years ago and nobody touches the site anymore and =20
>>> there's no
>>> maintenance contract between the design company and the site owner
>>> anymore...
>>>
>>> The only way I see for getting rid of magic_quotes is with a version
>>> which will require people to touch the code anyways and with a big
>>> "marketing campaign" so I think PHP 6 is a way better time for that
>>> even
>>> so I'm really annoyed by it when doing stuff myself...
>>>
>>> Comments and other views are welcome,
>>> johannes
>>>
>>>
>>> --=20
>>> PHP Internals - PHP Runtime Development Mailing List
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>
>> Ilia Alshanetsky
>
>
>
>
>
>
>
>
> Best regards,
> Marcus
>

Ilia Alshanetsky