Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:58477
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50777 invoked from network); 2 Mar 2012 13:00:55 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Mar 2012 13:00:55 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.170 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.213.170 mail-yx0-f170.google.com  
Received: from [209.85.213.170] ([209.85.213.170:40763] helo=mail-yx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 82/FD-11220-684C05F4 for <internals@lists.php.net>; Fri, 02 Mar 2012 08:00:54 -0500
Received: by yenl5 with SMTP id l5so812444yen.29
        for <internals@lists.php.net>; Fri, 02 Mar 2012 05:00:51 -0800 (PST)
Received-SPF: pass (google.com: domain of pierre.php@gmail.com designates 10.236.178.72 as permitted sender) client-ip=10.236.178.72;
Authentication-Results: mr.google.com; spf=pass (google.com: domain of pierre.php@gmail.com designates 10.236.178.72 as permitted sender) smtp.mail=pierre.php@gmail.com; dkim=pass header.i=pierre.php@gmail.com
Received: from mr.google.com ([10.236.178.72])
        by 10.236.178.72 with SMTP id e48mr13203965yhm.28.1330693251361 (num_hops = 1);
        Fri, 02 Mar 2012 05:00:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=feB5IGuxHy8Kisj1G7ngACeDawYXgSCNJ0yYsqM4GPc=;
        b=JfjKYurfw/LhPAA9AYVrihajAiTYM2EkyYDGNg4LERx8OEwlb+0KIzd/i0snUjcWT1
         Uode3UnL6RcUCnbkNCvzzD7LAaRMnJp4y+iL196+KkWe/sh2s5Ub+vWxvXEDz4gJ1+5c
         ccDA1xa/QidTAjsYOEOSeWm/gWV9DQyP+SGiW/bG3B0uyhCCvMv6ZJrrkzEhz08lrBf3
         9tNLxODXbRUB1IHdAttHyOR7ayjk92Tk9xmjvAQPlmtm8UT1Ig8heAQIuMD+x7xuvg4f
         pG/KJZoPhAa53BxIVMuSbO3JNr4MLOUxTQk0q0M9qJi7s3FePJxI6lw7HRL+jUbIxjIx
         5CkA==
MIME-Version: 1.0
Received: by 10.236.178.72 with SMTP id e48mr10438770yhm.28.1330693251304;
 Fri, 02 Mar 2012 05:00:51 -0800 (PST)
Received: by 10.146.221.14 with HTTP; Fri, 2 Mar 2012 05:00:51 -0800 (PST)
In-Reply-To: <op.wajnk8ssidpuyk@slws007.slhq.int>
References: <CAEZPtU7qpMr9ZTX=+NDus05WA2RZ9A3rWNnHSr8WOBXjqbp4VQ@mail.gmail.com>
	<op.wajnk8ssidpuyk@slws007.slhq.int>
Date: Fri, 2 Mar 2012 14:00:51 +0100
Message-ID: <CAEZPtU7R0hgW+7CEzUzu4k+qmjSe7i8xN_pfbkcsHna4Ua76MA@mail.gmail.com>
To: Gustavo Lopes <glopes@nebm.ist.utl.pt>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] [RFC] discussions, about a 5.3 EOL
From: pierre.php@gmail.com (Pierre Joye)

On Fri, Mar 2, 2012 at 1:56 PM, Gustavo Lopes <glopes@nebm.ist.utl.pt> wrote:

> I'd go with another option:
>
> One year of bug fixes, one year of security fixes and bug fixes that are
> trivial to backport.

Won't work. It is then two years bug fixing.

The idea of security only is to reduce both the amount of work and the
risk to break it inadvertently.

> The truth is most of the time is less trouble to just merge the fix to
> oldstable than
> 1) determine if the bug is possibly exploitable
> 2) ask the RM for approval

One has to do both anyway already. We have to request CVE for security
issues and to ask RM for invasive fixes.

Cheers,
-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org