Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:89682
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 13265 invoked from network); 7 Dec 2015 01:23:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Dec 2015 01:23:14 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.44 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.220.44 mail-pa0-f44.google.com  
Received: from [209.85.220.44] ([209.85.220.44:32993] helo=mail-pa0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C5/A7-55814-28FD4665 for <internals@lists.php.net>; Sun, 06 Dec 2015 20:23:14 -0500
Received: by pabfh17 with SMTP id fh17so119110150pab.0
        for <internals@lists.php.net>; Sun, 06 Dec 2015 17:23:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:cc:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-type:content-transfer-encoding;
        bh=u40YJwS6G61mTUN2UZVSbuTx/ZtRRxTyB2PZaBOIPQw=;
        b=FSMp1YQUtWxDg3i+/lmJpgCcarx2EmXzxZA8P55Ku9a2v0dEGa0XQynddmdosXDZI9
         I8Vz88noQZL7avj7zeHFYUq7aYDpMWf/6Ix5pQg1RtprE5R/fPBNLmaCHK1hzVPSo28z
         8hLTIUbCo9czQkmeTpa1qFozzww9fgsP40QAd9iqESb2aUydEh3i8GkGqmklLtHamW4k
         qedhNYYO1SOjLQTWNdtjoE4uxiZ28J+BzwM+xZ9peknOXd77sVs0grzDo9Z6+eogP6za
         PkVt8k4OKrU7mmJ++qWyVlduIUigxAhfWX+NvCm13lzf9nclLbztInGYn454xCa39OGd
         HMFA==
X-Received: by 10.66.254.39 with SMTP id af7mr39555078pad.43.1449451391565;
        Sun, 06 Dec 2015 17:23:11 -0800 (PST)
Received: from Stas-Air.local ([2602:304:cdc2:e5f0:1cb6:e55f:6082:be9a])
        by smtp.gmail.com with ESMTPSA id w1sm30439076pfa.57.2015.12.06.17.23.09
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 06 Dec 2015 17:23:10 -0800 (PST)
To: Scott Arciszewski <scott@paragonie.com>
References: <d7986bddhrs5d7o2c6r42g6h9to3au5kq0@4ax.com>
 <90c8ecbc29f8a40a2430306b807a169e@mail.gmail.com>
 <5664AC01.1020602@gmail.com>
 <CAKws9z3dcZexuY548KFM3i7jBWivvqtVfgFFNrq7cqSmN5b=Gw@mail.gmail.com>
 <5664C221.9040403@gmail.com>
 <CAKws9z1H9kOrbX7jfZrbnuike=nProjfszkTTos8Bn7StNAzLg@mail.gmail.com>
Cc: Zeev Suraski <zeev@zend.com>, Jan Ehrhardt <phpdev@ehrhardt.nl>,
 PHP Internals <internals@lists.php.net>
X-Enigmail-Draft-Status: N1110
Message-ID: <5664DF7A.8080707@gmail.com>
Date: Sun, 6 Dec 2015 17:23:06 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0)
 Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <CAKws9z1H9kOrbX7jfZrbnuike=nProjfszkTTos8Bn7StNAzLg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] PHP 5.6 life cycle
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> If 2/3 of sites still run EOLed versions of PHP, all adding a long-term
> support version is going to do is encourage habits of inertia. "Well,

You seem to be under impression that we have some control over these
habits. We do not. There are a lot of factors that influence these
decisions, but out "encouraging" or "not encouraging" would not even
enter top 10. The reality is that adoption did not catch up yet, and I
do not see how we can change it - we can only recognize it or ignore it
(and call it "not encouraging"). Unless you can name something that we
can really do to make people upgrade (and no, dropping support wouldn't
work, we already know that).

> 5.6 was supported until 2020, why can't 7.0.0 be supported until past
> 2019? This isn't fair."

I'm not sure what you mean by "fair" here. There's no inherent moral
obligation on support timeframes, so the word "fair" has no meaning here.

> Yes, given the lack of a sensible alternative, I think we need to do
> this. And then the community needs to, collectively, invest serious

But that lack is not given, the sensible alternative exists - extending
the support. The premise that this alternative is not sensible is
exactly the question under discussion, so you can not use it as an
argument without engaging in circular reasoning.

> effort in finding a remotely exploitable vulnerability in any/all EOL'd
> versions of PHP to give a strong incentive to stop running 5.2.x and
> 5.3.x in 2016.

Community doesn't need to do any such thing, exploitable vulnerabilities
exist in many old versions already. However, I hope you are not implying
we should be somehow making exploiting old versions easier in a
misguided attempt to get people to upgrade? That would be like setting
somebody's home on fire in order to educate them about fire safety.

-- 
Stas Malyshev
smalyshev@gmail.com