Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:80251
Return-Path: <kobrasrealm@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 48624 invoked from network); 7 Jan 2015 12:53:00 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Jan 2015 12:53:00 -0000
Authentication-Results: pb1.pair.com header.from=kobrasrealm@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=kobrasrealm@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.181 as permitted sender)
X-PHP-List-Original-Sender: kobrasrealm@gmail.com
X-Host-Fingerprint: 209.85.212.181 mail-wi0-f181.google.com  
Received: from [209.85.212.181] ([209.85.212.181:62176] helo=mail-wi0-f181.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6E/93-17382-A2C2DA45 for <internals@lists.php.net>; Wed, 07 Jan 2015 07:52:59 -0500
Received: by mail-wi0-f181.google.com with SMTP id r20so1535873wiv.8
        for <internals@lists.php.net>; Wed, 07 Jan 2015 04:52:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=8Wk3AlYY9FvkFh9O6UzlcDwoXscc/XmIxja0v5tbYzc=;
        b=g43Q7Kj3cuhBw4iS0n3Mp2chMLHOkelrmnEaqSze4FqYp0iTEuJOkbAjg0q/FA9oPA
         mU3VcAS5lWgxVZJ6gNxKq74A1Bc+NyttmgutRpiHTVn2qN4DpkGWQb4cndTU+hGr3zRx
         YIDHdgfxVb1wrmZF+eTmlbfyr7XmIHPQnbznTBtplwbgkWyipwoGkNCX4m5PTUClh9md
         cFhmn8gFlY9z5pF1KzwtKFyEXFt1FV5Y1L0u5ZLsSz5hln3AOQAX7MUuVUf3fItcd45Z
         Z1aywgYv5mJAkZQyk6mD9cLK+t/IgFYgGOAoBtJmCKKCNuKsE79tJEi60+OsVLEe1qLS
         EIzA==
MIME-Version: 1.0
X-Received: by 10.194.200.1 with SMTP id jo1mr6297796wjc.64.1420635175105;
 Wed, 07 Jan 2015 04:52:55 -0800 (PST)
Received: by 10.27.179.137 with HTTP; Wed, 7 Jan 2015 04:52:55 -0800 (PST)
Date: Wed, 7 Jan 2015 07:52:55 -0500
Message-ID: <CAPKwhwvhCvRD_-fFgwZO3SB0hCu=+6sj3NbnkCih1-w+X-qNRA@mail.gmail.com>
To: "inter >> PHP internals" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=047d7b87501cf7be68050c0f66e4
Subject: Idea for PHP.net
From: kobrasrealm@gmail.com (Scott Arciszewski)

--047d7b87501cf7be68050c0f66e4
Content-Type: text/plain; charset=UTF-8

Hello,

Would it be possible for php.net to publish a cryptographically signed
(e.g. openssl_sign() with a RSA private key kept offline) list in a
pre-defined location (e.g. /stable_versions.txt) so that scripts can be
written to read (and cache) the latest stable versions?

I'm going to write a killswitch module that can be included in any PHP
project that basically does this:

1. fetch stable_versions.txt
2. verify RSA signature
3. check phpversion() and the stable versions listed
4. are we running a stable PHP version?
    4-yes: cache result for 24 hours to prevent redundant lookups.
    4-no: kill script termination, explaining that PHP is out of date and
needs to be updated

The idea is to remind and motivate the sysadmin to keep their software up
to date to prevent known security vulnerabilities from being exploited.

If you are not okay with this, I'm going to write/publish the killswitch
configured to look at my own server. :)

Scott

--047d7b87501cf7be68050c0f66e4--