Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89647
Return-Path: <zeev@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 14069 invoked from network); 6 Dec 2015 12:38:15 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Dec 2015 12:38:15 -0000
Authentication-Results: pb1.pair.com header.from=zeev@zend.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=zeev@zend.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 209.85.213.42 as permitted sender)
X-PHP-List-Original-Sender: zeev@zend.com
X-Host-Fingerprint: 209.85.213.42 mail-vk0-f42.google.com  
Received: from [209.85.213.42] ([209.85.213.42:34814] helo=mail-vk0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 39/82-08340-63C24665 for <internals@lists.php.net>; Sun, 06 Dec 2015 07:38:14 -0500
Received: by vkbs1 with SMTP id s1so88844438vkb.1
        for <internals@lists.php.net>; Sun, 06 Dec 2015 04:38:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=zend-com.20150623.gappssmtp.com; s=20150623;
        h=from:references:in-reply-to:mime-version:thread-index:date
         :message-id:subject:to:content-type;
        bh=6VKPtRkVJe7eia93ZAJuxiC8bbHZGE4oTKJsGL5wLTE=;
        b=dvSn1hpXUyM1jMzVELf/d0UhvH8Z/i4PDZYbUaFPucVcunYV5Auo6KzSg3oW3AXmcF
         moXnaJ0mxq0sLjE37DdmdfvIKkEq8RqUkf6rqobU2cTaD1CpaGk8AHCDDc2J5wmOldpk
         srXVKaZtLMFDxsCxtxTjQhz1cVeo+oWniViQr3TJtOiLWWZfHgCkjikoSBTkGg1BDern
         RPBN8+xyVWzOJd3cZh3paMVrUVjQqgT5xlhSI/XqI/J3BAQ1J2NxG+IOHvuwf2uUxIH2
         9lRA40X6/t3OR9or3CPpqPJ8BC8mvbjztHrlixRYR3h6iiatcLubcqvAZ2AZ5GCbR4Ho
         FNYg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:references:in-reply-to:mime-version
         :thread-index:date:message-id:subject:to:content-type;
        bh=6VKPtRkVJe7eia93ZAJuxiC8bbHZGE4oTKJsGL5wLTE=;
        b=Vlk9SAy1NinJbiiu/jcPGQJxtGIwHVL8SxlJ0l20jxdNlKO0RjPsXliziuKK8MPSz0
         vWX+zqRBiL1tn+LVeH7OTZboHBOHgzueAIlzOZd3CLdvqi5eT4jJIIAQeylENsAzee8n
         qlr0lw+/Dwe0wa91wXZN4pyrpDO3F4m/UUEcn1jFShewtJh84ocgtn4nlVsJ1p5u0qOJ
         f09eGWiKGAMUqlIvZIHWPYwntc16/9J8xldFIpbBiV1tXYQBXogKS5to927R6mARXv3N
         huwbpmvFgveZY+6JYD9thNCfQ/i3FhnqB4k5DCYhmJZr4mIrK6wqNF0SVkuoVLFPklBT
         AoWg==
X-Gm-Message-State: ALoCoQn0y1ZoWqtP6tPxi/mFpN/WbDpkb3aY06C1wIOvFx9pWg+ec1rWhQK/N++yec2hiHIzHEk8JcwUFWxQDCm+bKq9hYkOD4H//P3B/IpgoMD36q3AyfmISXkY7EOcVKqX1na1qRtJmP2SJDnNNFT5w8Gwlcyb4NzTBglAi/j0RMyStXxuLAc=
X-Received: by 10.31.47.204 with SMTP id v195mr17710446vkv.119.1449405491756;
 Sun, 06 Dec 2015 04:38:11 -0800 (PST)
References: <d7986bddhrs5d7o2c6r42g6h9to3au5kq0@4ax.com>
In-Reply-To: <d7986bddhrs5d7o2c6r42g6h9to3au5kq0@4ax.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHgh9Y9UJHbSHpdKU+NswaLC82f256fMjSA
Date: Sun, 6 Dec 2015 14:38:10 +0200
Message-ID: <90c8ecbc29f8a40a2430306b807a169e@mail.gmail.com>
To: Jan Ehrhardt <phpdev@ehrhardt.nl>, internals@lists.php.net
Content-Type: text/plain; charset=UTF-8
Subject: RE: [PHP-DEV] PHP 5.6 life cycle
From: zeev@zend.com (Zeev Suraski)

> -----Original Message-----
> From: Jan Ehrhardt [mailto:phpdev@ehrhardt.nl]
> Sent: Sunday, December 06, 2015 2:15 PM
> To: internals@lists.php.net
> Subject: [PHP-DEV] PHP 5.6 life cycle
>
> See http://php.net/supported-versions.php
>
> Will PHP 5.6 go into 'security fixes only' on 28 Aug 2015 with a end of
life on
> 28 Aug 2016? Or will we be postponing this a couple of months?

I think you're off by one here, no?

> BTW: An end-of-life in Dec 2016 will be in line wih the EOL of OpenSSL
> 1.0.1: "Version 1.0.1 will be supported until 2016-12-31."
> http://openssl.org/policies/releasestrat.html

IMHO, I think we need to look at the 5.6 lifecycle very differently from
how we look at 5.5 and earlier.  This is really the 5.x lifecycle as it's
the last version that's relatively completely painless to upgrade to from
5.x (especially 5.3 and later).

PHP 4 was maintained for 4+ years after PHP 5.0 was released (5.0 release
July 2004, PHP 4 support ended 8/8/08).  Not saying that we need to do the
same for 5, but one year upgrade cycle for everyone on 5.x doesn't sound
reasonable.  I don't have a firm opinion on 'active support' vs. 'security
only' - I think the latter much more closely defines what people truly
care about in terms of whether they feel comfortable having the version
still deployed or not.

At the very least I think we should give 5.6 24 months of lifetime from
PHP 7.0's release date (i.e. take it until Dec 2017), but I think we
should also consider either extending it even further, or at least paying
attention to the situation on the ground in terms of PHP 5's popularity as
we get closer to that EOL date.  Personally I'm leaning towards having a
firm date further down the road than a 'flexible' one, so that we give
people a clear and reasonable timeline to upgrade - without risking that
they "won't take us seriously" and assume we'd delay the EOL.

Zeev