Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:80252 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 57089 invoked from network); 7 Jan 2015 15:52:05 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jan 2015 15:52:05 -0000 Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.172 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 74.125.82.172 mail-we0-f172.google.com Received: from [74.125.82.172] ([74.125.82.172:36242] helo=mail-we0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 6C/40-52242-2265DA45 for ; Wed, 07 Jan 2015 10:52:04 -0500 Received: by mail-we0-f172.google.com with SMTP id k11so1420601wes.3 for ; Wed, 07 Jan 2015 07:51:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vXliSoEPEX0NP2dI2SbUk+t+Am0lxHcjdB9WUw4pTSU=; b=MOIKMQbuzO1YCM6D9eBglWlxm0K65TC95/LNzGNwQgcOzTLOb/FbVkgC/kMzOsGiUk QhV3LuzyCWXOfe4boxyntrmW+zezLTxgsISveXYXJM9uaoo3OSdMQB4ccI/Lxuoyo7K9 CoJ/fOp5kGh6iIVt+v9Ni4pAb+QgziEO+LvyEw7l1yEg7tDOhUBh8b1+myzIgiq8DB3o dcGg9egOQf55dGJ+unvC8hlfk+S3p9W/uD34xN0PaPkpnmJOm1gsrv8QQzOcG6T1RoF9 Kx5Qkigx6XlmtpsB9ZGTzp5mUSjow7f72wICE5EWjdRM09uDbjKagYixW0S9788Ga6Wg Qesw== MIME-Version: 1.0 X-Received: by 10.194.200.234 with SMTP id jv10mr7765897wjc.110.1420645918449; Wed, 07 Jan 2015 07:51:58 -0800 (PST) Received: by 10.216.50.139 with HTTP; Wed, 7 Jan 2015 07:51:58 -0800 (PST) In-Reply-To: References: Date: Wed, 7 Jan 2015 15:51:58 +0000 Message-ID: To: Scott Arciszewski Cc: "inter >> PHP internals" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Idea for PHP.net From: leight@gmail.com (Leigh) On 7 January 2015 at 12:52, Scott Arciszewski wrote: > Hello, > > Would it be possible for php.net to publish a cryptographically signed > (e.g. openssl_sign() with a RSA private key kept offline) list in a > pre-defined location (e.g. /stable_versions.txt) so that scripts can be > written to read (and cache) the latest stable versions? > > I'm going to write a killswitch module that can be included in any PHP > project that basically does this: > > 1. fetch stable_versions.txt > 2. verify RSA signature > 3. check phpversion() and the stable versions listed > 4. are we running a stable PHP version? > 4-yes: cache result for 24 hours to prevent redundant lookups. > 4-no: kill script termination, explaining that PHP is out of date and > needs to be updated > > The idea is to remind and motivate the sysadmin to keep their software up > to date to prevent known security vulnerabilities from being exploited. > > If you are not okay with this, I'm going to write/publish the killswitch > configured to look at my own server. :) > > Scott Hi Scott, I already do something similar to this for some of my CI, ensuring tests pass on new versions of PHP. I use the following shell script snippet to check for new versions (If there's a diff I parse the output with PHP to find _which_ new version) git ls-remote -t https://github.com/php/php-src | cut -d '/' -f3 | grep -P '^php-5\.\d+\.\d+' | sort -V Maybe you can use this too. You can add an end assertion to the regex to omit RC/beta tags. Regards, Leigh.