Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89675
Return-Path: <scott@paragonie.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 98064 invoked from network); 6 Dec 2015 23:51:39 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Dec 2015 23:51:39 -0000
Authentication-Results: pb1.pair.com smtp.mail=scott@paragonie.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=scott@paragonie.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain paragonie.com from 209.85.217.169 cause and error)
X-PHP-List-Original-Sender: scott@paragonie.com
X-Host-Fingerprint: 209.85.217.169 mail-lb0-f169.google.com  
Received: from [209.85.217.169] ([209.85.217.169:36049] helo=mail-lb0-f169.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id B2/15-55814-A0AC4665 for <internals@lists.php.net>; Sun, 06 Dec 2015 18:51:39 -0500
Received: by lbblt2 with SMTP id lt2so47110651lbb.3
        for <internals@lists.php.net>; Sun, 06 Dec 2015 15:51:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paragonie-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=Q0TpoEyLJQuSZZDjxAAUaH+3464EFL1SECwqOxcc6oQ=;
        b=drylXBZqzs7Vxy5bTb7x58O0ebUAUmUW59ctikZkLeBpdQsKbZsC2ECr2EWLWF4Mda
         rMiDwEUtmEPF+yibQHYxCaWjT24T0ZTpYWkDi2EFzAOPEGDVSm2DkbS0LvjBLrsvV25x
         y6wve76wiCyORrg88qpjMwAulqqsIbmTVFa+L708vBjqhGC0+PxOHYc+v6UXa6rhrjdh
         YJuMv/yaLYI7brMCI4fZWSpk6kh2sEh8Rt6isKoU9pyTyCX4U0ZWo5ZoUzbNdhW6Mf11
         ne4bpuavaZMUNN6ONqAUp6IEnxmfRZPs3KhKPVwsYkY7CokK59aZ7VIhVrR5PzBLT0cH
         xgNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc:content-type;
        bh=Q0TpoEyLJQuSZZDjxAAUaH+3464EFL1SECwqOxcc6oQ=;
        b=bRKJ+rw8/zs19nhEVP5eS9t/p90nFrKB1j7hp4kXj2TCPWg8xwxBGr6jkMXOYjh4f9
         rKyrW7GYcNQ/CrUM55BtP+MME/B5I9EHtrChQUa6e+30plJSErq2op5Z7qya25Jwt1Ee
         WX0jvsfhsqkR+i6035qCXPqa9KzcxWZsouhF4Z1Ch6uOdI6G0XillirYjrEVH+euJONB
         30+1ogtMfp8xRvQI1JE4PDXXhoy2aehxWxBR6SZIx3fE5XOxrtjqY+SE2mvjlbzhgsiy
         Z7QlrYNMyTMX4TDR5erp9AFMiDrm/xHvAnwmYDa5EoPdgVTqyzKzhES9p0sGketTadGN
         YxbA==
X-Gm-Message-State: ALoCoQkNGk2wckTKLOq4owGXLmMB25mQkrI9pfRvt/DHG2Rl4coaF52wL7WUtndh4F/j2kzueFab
MIME-Version: 1.0
X-Received: by 10.112.167.229 with SMTP id zr5mr12150517lbb.117.1449445895313;
 Sun, 06 Dec 2015 15:51:35 -0800 (PST)
Received: by 10.114.237.230 with HTTP; Sun, 6 Dec 2015 15:51:35 -0800 (PST)
In-Reply-To: <5664C221.9040403@gmail.com>
References: <d7986bddhrs5d7o2c6r42g6h9to3au5kq0@4ax.com>
	<90c8ecbc29f8a40a2430306b807a169e@mail.gmail.com>
	<5664AC01.1020602@gmail.com>
	<CAKws9z3dcZexuY548KFM3i7jBWivvqtVfgFFNrq7cqSmN5b=Gw@mail.gmail.com>
	<5664C221.9040403@gmail.com>
Date: Sun, 6 Dec 2015 18:51:35 -0500
Message-ID: <CAKws9z1H9kOrbX7jfZrbnuike=nProjfszkTTos8Bn7StNAzLg@mail.gmail.com>
To: Stanislav Malyshev <smalyshev@gmail.com>
Cc: Zeev Suraski <zeev@zend.com>, Jan Ehrhardt <phpdev@ehrhardt.nl>, 
	PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a11c25a8eb6361e0526436b75
Subject: Re: [PHP-DEV] PHP 5.6 life cycle
From: scott@paragonie.com (Scott Arciszewski)

--001a11c25a8eb6361e0526436b75
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sun, Dec 6, 2015 at 6:17 PM, Stanislav Malyshev <smalyshev@gmail.com>
wrote:

> Hi!
>
> > Giving everyone until the end of 2017 to update their servers is more
> > than sufficient.
>
> Sufficient for what? It is a hard fact that people still run 5.3
> version. In fact, 2/3 of sites run EOLed versions. You can always say
> they have only themselves to blame, but then I'm not sure what
> "sufficient" means. Unless adoption patterns change drastically, by the
> end of 2017 most people will not be running PHP 7. That's not something
> we can realistically change (unless you have some way of changing those
> patterns we didn't try yet or they change by themselves somehow). Thus,
> our choice lies only in whether we support this majority of users in
> some way
> =E2=80=8B=E2=80=8B
> or say "you are on your own now, we don't care about you anymore".
> --
> Stas Malyshev
> smalyshev@gmail.com
>


=E2=80=8BWe should do everything we can to instill a culture of keeping stu=
ff up to
date. Just because people are going to shoot themselves in the foot doesn't
mean we should supply them with additional ammo.

If 2/3 of sites still run EOLed versions of PHP, all adding a long-term
support version is going to do is encourage habits of inertia. "Well, 5.6
was supported until 2020, why can't 7.0.0 be supported until past 2019?
This isn't fair."

>
=E2=80=8B
 or say "you are on your own now, we don't care about you anymore".

Yes, given the lack of a sensible alternative, I think we need to do this.
And then the community needs to, collectively, invest serious effort in
finding a remotely exploitable vulnerability in any/all EOL'd versions of
PHP to give a strong incentive to stop running 5.2.x and 5.3.x in 2016.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com/>
=E2=80=8B

--001a11c25a8eb6361e0526436b75--