From: pierre.php@gmail.com (Pierre Joye)
To: Johannes Schlüter
Cc: Clint Priest, Kris Craig, PHP internals
Date: Tue, 8 Jan 2013 14:25:10 +0100
Subject: Re: [PHP-DEV] [RFC][discussion] 5.3 EOL

On Tue, Jan 8, 2013 at 2:18 PM, Johannes Schlüter wrote:

> Separating the two questions is "strange" and can lead to unintended
> results. They should be combined into one. Example assumption: 50%+1
> vote for "One year with security fixes only" but are split between "With
> the next PHP 5.3 release" and "Right after the end of this vote"

Not sure to see where is the issue here. One is about how long we want to support 5.3 and how, and the other is when this phase will begin.

> Whereas 50%-1 vote for "Two years, one normal fixes and one security
> fixes only" and "With the PHP 5.5 final release"
>
> Then the winner will be "One year with security fixes only" and "With
> the PHP 5.5 final release" which probably wasn't intended by the
> majority.

Good point but not sure how to do it without cluttering the 1st part... I thought that 1st choosing which option and then when to begin (that does not change the 1st option but when one thinks it is a good time to announce & begin it).

> Aside from that: I don't think we need "the PHP Security team" to review
> all things, sometimes individual developers can make the choice, too.

It is not what it said, but if the security team defines something as a security issue.

> And in my opinion this should be more "fluent" where the bar for
> "criticalness" is set higher and higher, instead of suddenly basically
> stopping.

Right, common sense applies here. We both know that.

> In the end we have to deal with two things: On the one side we have
> users, they want a stable platform, they can rely on, without functional
> changes. Many people I talk to don't care much about small bugs with
> easy workarounds, but they care for simple risk-free updates for
> security things (which btw. is a reason why many use distribution
> packages not php.net's)

Same here.

> On the other side are developers, who nowadays have to test 4 branches
> for each essentially trivial fix. This makes the process to verify a
> patch more annoying than it should be. Given that most here are
> volunteers the barrier shouldn't be set too high.

If sec only option is chosen, we should not see too many releases but every 2-3 months.

> But we've been through this and the both of us won't come to agreement.

We do, but we are not alone. I am for one for two years sec only.

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org