Hi,
I'm wondering what happened to the planned release of PHP 4.4.3. The
original release date (May 30th) has long passed and I haven't seen any
response to Pierre's recent questions about the status of the release.
From what I can see[1], no new release candidates were released either.
Are there any issues preventing this release from happening? If so, I
haven't seen them mentioned here.
Frankly, I find that kind of worrying. PHP 4.4.3 is supposed to fix a
number of security issues that were fixed in PHP 5 eight weeks ago. Many
of our users are still running on PHP 4 which means that they are all
vulnerable and can't do anything about it (usually because their hosting
services don't want to upgrade to PHP 5 for one reason or another).
PHP has been criticised a lot for its security issues in the past, but
it has gotten a lot better over the recent months, thanks to all of your
hard work. Please don't put that at risk by delaying what can only be
described as a critical security update.
If I may add: Sometimes, discussions on this list give the impression
that at least some of you would rather stop developing PHP 5 and move on
to PHP 6 ASAP. While I can understand how attractive this must be,
please don't forget that a lot of us out there in the "real world" are
still dealing with PHP 4, legacy code, and hosting services that don't
even want to upgrade to PHP 5 just yet for fear of breaking their
customer's applications.
So unless the proverbial killer application comes along that makes
everybody switch to PHP 5 by the end of the week, please take into
account that it's not looking like PHP 4 will go away anytime soon, as
much as you may want to leave it behind.
Please note that this is not meant as a "PHP sucks" or "PHP's security
sucks" comment. This is just a friendly reminder that there are people
out there that are still deploying applications that will have to run on
PHP 4 and a plea for not neglecting that part of your user base.
Thanks for your attention.
regards,
Dirk Haun
(Maintainer, Geeklog 1.x)
[1] We're one of the projects on the PhP4zy list; in fact, PHP 4.4.3RC1
is installed on the machine I'm posting this from.
Hey,
First of all I agree. We should be releasing 4.4.3. Derick is supposed to be
on top of that. If that's delayed due to lack of time (understandable) we
can have someone else roll the RCs and releases. In the past we've often
switched release managers for mini releases when the one doing it didn't
have time. I see no reason why not to do it now.
Derick, need someone else to roll this mini release?
As to the ISP who is not willing to offer PHP 5. Can you please point out
which ISP that is? My experience has been that there's more of a perception
of ISPs not offering PHP 5, but that most actually offer it (not on the same
server though).
Thx.
Andi
-----Original Message-----
From: Dirk Haun [mailto:dirk@haun-online.de]
Sent: Sunday, June 25, 2006 2:39 AM
To: internals@lists.php.net
Subject: [PHP-DEV] Status of PHP 4.4.3?Hi,
I'm wondering what happened to the planned release of PHP
4.4.3. The original release date (May 30th) has long passed
and I haven't seen any response to Pierre's recent questions
about the status of the release.
From what I can see[1], no new release candidates were
released either.
Are there any issues preventing this release from happening?
If so, I haven't seen them mentioned here.Frankly, I find that kind of worrying. PHP 4.4.3 is supposed
to fix a number of security issues that were fixed in PHP 5
eight weeks ago. Many of our users are still running on PHP 4
which means that they are all vulnerable and can't do
anything about it (usually because their hosting services
don't want to upgrade to PHP 5 for one reason or another).PHP has been criticised a lot for its security issues in the
past, but it has gotten a lot better over the recent months,
thanks to all of your hard work. Please don't put that at
risk by delaying what can only be described as a critical
security update.If I may add: Sometimes, discussions on this list give the
impression that at least some of you would rather stop
developing PHP 5 and move on to PHP 6 ASAP. While I can
understand how attractive this must be, please don't forget
that a lot of us out there in the "real world" are still
dealing with PHP 4, legacy code, and hosting services that
don't even want to upgrade to PHP 5 just yet for fear of
breaking their customer's applications.So unless the proverbial killer application comes along that
makes everybody switch to PHP 5 by the end of the week,
please take into account that it's not looking like PHP 4
will go away anytime soon, as much as you may want to leave it behind.Please note that this is not meant as a "PHP sucks" or "PHP's
security sucks" comment. This is just a friendly reminder
that there are people out there that are still deploying
applications that will have to run on PHP 4 and a plea for
not neglecting that part of your user base.Thanks for your attention.
regards,
Dirk Haun
(Maintainer, Geeklog 1.x)[1] We're one of the projects on the PhP4zy list; in fact,
PHP 4.4.3RC1 is installed on the machine I'm posting this from.--
http://www.geeklog.net/
http://geeklog.info/--
To
unsubscribe, visit: http://www.php.net/unsub.php
Hi Andi,
Hey,
First of all I agree. We should be releasing 4.4.3. Derick is supposed to be
on top of that. If that's delayed due to lack of time (understandable) we
can have someone else roll the RCs and releases.
It is understandable to lack time, we are all volunteers and do it in
our free time. As a RM to do not answer mails or valid questions is
not acceptable, sorry.
As to the ISP who is not willing to offer PHP 5. Can you please point out
which ISP that is? My experience has been that there's more of a perception
of ISPs not offering PHP 5, but that most actually offer it (not on the same
server though).
It is not only about ISP. Actually ISP, dedecated hosts, intra or
internet, it does not matter. There is many reasons not to upgrade to
php5 when you have critical apps on php4.
Cheers,
--Pierre