Hello!
As it's about a month until the end of PHP 4, it's time to make the last
release. There have been a few important fixes, which need to be part of
a release. If you have anything else, please let me know so we can
integrate it in the release as well. I'm planning to make a release
candidate Wednesday next week (for a release on Thursday).
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org
Hello!
As it's about a month until the end of PHP 4, it's time to make the last
release. There have been a few important fixes, which need to be part of
a release.
Out of curiosity, which ones and why aren't they in the NEWS file?
-Hannes
Hannes Magnusson wrote:
Hello!
As it's about a month until the end of PHP 4, it's time to make the last
release. There have been a few important fixes, which need to be part of
a release.Out of curiosity, which ones and why aren't they in the NEWS file?
I thought there'd be release only if there were some critical security
fixes to fix..?
--Jani
Hannes Magnusson wrote:
Hello!
As it's about a month until the end of PHP 4, it's time to make the last
release. There have been a few important fixes, which need to be part of
a release.Out of curiosity, which ones and why aren't they in the NEWS file?
I thought there'd be release only if there were some critical security fixes
to fix..?
There are a few issues. Not a lot, but wrapping it up before the
deadline seems like a proper thing to do.
regards,
Derick
PHP 4 end of life announcement:
After 2007-12-31 there will be no more releases of PHP 4.4.
We will continue to make critical security fixes available
on a case-by-case basis until 2008-08-08.
Hello Derick,
Janusz is damn right here. Make the patches available but do not make it
easy for people to stick to 4 please. Instead, stick to th eplan.
marcus
Monday, July 7, 2008, 1:15:19 PM, you wrote:
PHP 4 end of life announcement:
After 2007-12-31 there will be no more releases of PHP 4.4.
We will continue to make critical security fixes available
on a case-by-case basis until 2008-08-08.
Best regards,
Marcus
Hello Derick,
Janusz is damn right here. Make the patches available but do not make it
easy for people to stick to 4 please. Instead, stick to th eplan.
I tend to agree here, a new release may contradict the purpose of the
"end of life" announcement.
Cheers,
Pierre
Hi,
I do not have karma, but I still think you guys missed one point in
the entire thing.
The end of life cycle of PHP4 is 08-08-08, so people expect one last
release in this day as the last release.
Some of you are telling that release something now contradicts your
master plan, but you missed something.
If you don't release something in 08-08-08, what will people think?
That PHP4 died in 08-01-03.
Why? Because their last touchable release is that one.
You may tell "checkout the source and you'll have 08-08-08", but most
people are not interested in cvs. They are interested in .tar.gz.
So, please, do not think you're contradicting something, because you
aren't. If you don't release the LAST tag in the Olympics begin day,
people will feel frustrated.
I know thousands from userland may think the same. I already work with
PHP5 only, but it's not the case here.
That's just my humble opinion.
Regards,
Hello Derick,
Janusz is damn right here. Make the patches available but do not make it
easy for people to stick to 4 please. Instead, stick to th eplan.I tend to agree here, a new release may contradict the purpose of the
"end of life" announcement.Cheers,
Pierre
http://blog.thepimp.net | http://www.libgd.org
--
--
Guilherme Blanco - Web Developer
CBC - Certified Bindows Consultant
Cell Phone: +55 (16) 9166-6902
MSN: guilhermeblanco@hotmail.com
URL: http://blog.bisna.com
Rio de Janeiro - RJ/Brazil
2008/7/7 Guilherme Blanco guilhermeblanco@gmail.com:
The end of life cycle of PHP4 is 08-08-08, so people expect one last
release in this day as the last release.
Some of you are telling that release something now contradicts your
master plan, but you missed something.If you don't release something in 08-08-08, what will people think?
That PHP4 died in 08-01-03.
Why? Because their last touchable release is that one.
PHP4 died 07-12-31.
If PHP team will release next version of PHP4, PHP 4 end of life
announcement will lose it's meaning, and the not yet upgraded webhosts
won't have any reason to upgrade.
2008/7/7 Guilherme Blanco guilhermeblanco@gmail.com:
The end of life cycle of PHP4 is 08-08-08, so people expect one last
release in this day as the last release.
Some of you are telling that release something now contradicts your
master plan, but you missed something.If you don't release something in 08-08-08, what will people think?
That PHP4 died in 08-01-03.
Why? Because their last touchable release is that one.
PHP4 died 07-12-31.If PHP team will release next version of PHP4, PHP 4 end of life
announcement will lose it's meaning, and the not yet upgraded webhosts
won't have any reason to upgrade.
When you have an application that has millions of lines and you rely
of an specific major version, you'll understand my mean.
I already tried to move to PHP5, without success. Lots of code changes
and weird behaviors. Complete rewrite needed, no time for that.
One last release to address last found issues seems perfect for this case.
Otherwise... why have these fixes being applied? If it'll not be
released anything after the end of support, why apply security patches
there?
So all the efforts of people have done to address important holes in
PHP4 was useless, don't you think?
Regards,
--
Guilherme Blanco - Web Developer
CBC - Certified Bindows Consultant
Cell Phone: +55 (16) 9166-6902
MSN: guilhermeblanco@hotmail.com
URL: http://blog.bisna.com
Rio de Janeiro - RJ/Brazil
Janusz is damn right here. Make the patches available but do not
make it easy for people to stick to 4 please. Instead, stick to th
eplan.
We do, there are security fixes - we make a release.
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org
-----Original Message-----
From: Derick Rethans [mailto:derick@php.net]
Sent: Monday, July 07, 2008 7:22 AM
To: Marcus Boerger
Cc: PHP Internals; Janusz Lewandowski
Subject: Re: [PHP-DEV] PHP 4.4.9Janusz is damn right here. Make the patches available but do not
make it easy for people to stick to 4 please. Instead, stick to th
eplan.We do, there are security fixes - we make a release.
I'm with Derick here. We should push out new releases when there are security issues
Andi
Hello,
Janusz is damn right here. Make the patches available but do not
make it easy for people to stick to 4 please. Instead, stick to th
eplan.We do, there are security fixes - we make a release.
I'm with Derick here. We should push out new releases when there are
security issues
While I mostly observe here, I would like to add some feedback from this
point of view. With PHP 4, the date still has not been reached and if there
are security flaws they should be patched and released. This should not be
sending mixed messages with the end of life announcement. From the
enterprise perspective, we are out of compliance once the end of life has
been exceeded and internal policies will force many on PHP 4 to upgrade to
PHP 5 once that date has been reached.
Within these environments there might be legacy applications running on PHP
4 that are either waiting to reach their end of cycle or need to be upgraded
and the only way that does happen is when those timelines are reached when
the language reaches the end of it's life cycle.
Mike
I'm with Derick here. We should push out new releases when there are security issues
As am I. The EOL announcement itself justifies the release:
"We will continue to make critical security fixes available on a
case-by-case basis until 2008-08-08."
While it does contradict one sentence prior by saying this:
"After 2007-12-31 there will be no more releases of PHP 4.4."
.... it's really just a matter of semantics. To end all arguments
by satisfying that statement, a release could just be dubbed PHP 4.5.
That meets the requirements of the EOL by making the necessary fixes,
and still abides by the EOL on 4.4.x. ;-P
--
</Daniel P. Brown>
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.
We phrased it that way as we wanted to send a strong signal to people to
upgrade to PHP 5 but purposely later on softened that for security
patches. It was written like this on purpose... :)
Andi
-----Original Message-----
From: Daniel Brown [mailto:parasane@gmail.com]
Sent: Monday, July 07, 2008 9:07 AM
To: Andi Gutmans
Cc: Derick Rethans; Marcus Boerger; PHP Internals; Janusz Lewandowski
Subject: Re: [PHP-DEV] PHP 4.4.9I'm with Derick here. We should push out new releases when there are
security issuesAs am I. The EOL announcement itself justifies the release: "We will continue to make critical security fixes available on acase-by-case basis until 2008-08-08."
While it does contradict one sentence prior by saying this: "After 2007-12-31 there will be no more releases of PHP 4.4." .... it's really just a matter of semantics. To end all argumentsby satisfying that statement, a release could just be dubbed PHP 4.5.
That meets the requirements of the EOL by making the necessary fixes,
and still abides by the EOL on 4.4.x. ;-P--
</Daniel P. Brown>
Dedicated Servers - Intel 2.4GHz w/2TB bandwidth/mo. starting at just
$59.99/mo. with no contract!
Dedicated servers, VPS, and hosting from $2.50/mo.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Janusz Lewandowski schrieb:
PHP 4 end of life announcement:
After 2007-12-31 there will be no more releases of PHP 4.4.
We will continue to make critical security fixes available
on a case-by-case basis until 2008-08-08.
Considering the fact that PHP 4.4.8 is known to have several public
security problems that where only fixed in PHP 5, releasing PHP 4.4.9
as last final version is the right thing todo.
Stefan Esser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhyGhYACgkQSuF5XhWr2njsGACguBayiah0yj0RojBYhIIvCIqq
67kAni2syRvA1Db2mOHv96csV7pwh+tB
=U9RH
-----END PGP SIGNATURE
Hi Stefan,
Considering the fact that PHP 4.4.8 is known to have several public
security problems that where only fixed in PHP 5, releasing PHP 4.4.9
as last final version is the right thing todo.
Fixing any major security hole in 4.4 at this point would put an abrupt end
to this argument ;)
- Steph
Hello Stefan,
this can be continued forever. Say we release 4.4.9, then sooner or
later people will find another security whole, so we do another release.
And another release and in the year 2134 our childrens children will
release 4.4.4363
marcus :-)
Monday, July 7, 2008, 3:28:54 PM, you wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Janusz Lewandowski schrieb:
PHP 4 end of life announcement:
After 2007-12-31 there will be no more releases of PHP 4.4.
We will continue to make critical security fixes available
on a case-by-case basis until 2008-08-08.
Considering the fact that PHP 4.4.8 is known to have several public
security problems that where only fixed in PHP 5, releasing PHP 4.4.9
as last final version is the right thing todo.
Stefan Esser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhyGhYACgkQSuF5XhWr2njsGACguBayiah0yj0RojBYhIIvCIqq
67kAni2syRvA1Db2mOHv96csV7pwh+tB
=U9RH
-----END PGP SIGNATURE-----
Best regards,
Marcus
this can be continued forever. Say we release 4.4.9, then sooner or
later people will find another security whole, so we do another release.
And another release and in the year 2134 our childrens children will
release 4.4.4363
Uh, no. The last date is as always has been 2008-08-08. 4.4.9 will be
the last release.
regards,
Derick
Hello Derick,
how about this. We edit php_config.h to be version 4.4.8pl1. Then
provide a patch for download. All reasonable distributions will pick up
that patch anyway. But at least we didn't do a release as we promised, we
wouldn't.
marcus
Monday, July 7, 2008, 9:09:51 AM, you wrote:
Hello!
As it's about a month until the end of PHP 4, it's time to make the last
release. There have been a few important fixes, which need to be part of
a release. If you have anything else, please let me know so we can
integrate it in the release as well. I'm planning to make a release
candidate Wednesday next week (for a release on Thursday).
regards,
Derick
--
Derick Rethans
http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org
Best regards,
Marcus
how about this. We edit php_config.h to be version 4.4.8pl1. Then
provide a patch for download. All reasonable distributions will pick up
that patch anyway. But at least we didn't do a release as we promised, we
wouldn't.
Uh, no. We didn't promise we wouldn't make releases. It clearly says
that if there are security issues we look at them case-by-case to see if
we should make a release. There are security issues, we make a release.
There is nothing more to discuss about this.
regards,
Derick
Derick Rethans wrote:
how about this. We edit php_config.h to be version 4.4.8pl1. Then
provide a patch for download. All reasonable distributions will pick up
that patch anyway. But at least we didn't do a release as we promised, we
wouldn't.Uh, no. We didn't promise we wouldn't make releases. It clearly says
that if there are security issues we look at them case-by-case to see if
we should make a release. There are security issues, we make a release.
There is nothing more to discuss about this.
We did actually. The exact text from the announcement was:
After 2007-12-31 there will be no more releases of PHP 4.4. We will
continue to make critical security fixes available on a case-by-case
basis until 2008-08-08.
The two statements do contradict each other a little bit, and I am ok
with another release, but technically Marcus is correct.
-Rasmus
Derick Rethans wrote:
how about this. We edit php_config.h to be version 4.4.8pl1. Then
provide a patch for download. All reasonable distributions will
pick up
that patch anyway. But at least we didn't do a release as we
promised, we
wouldn't.
Uh, no. We didn't promise we wouldn't make releases. It clearly
says that if there are security issues we look at them case-by-case
to see if we should make a release. There are security issues, we
make a release. There is nothing more to discuss about this.We did actually. The exact text from the announcement was:
After 2007-12-31 there will be no more releases of PHP 4.4. We will
continue to make critical security fixes available on a case-by-case
basis until 2008-08-08.The two statements do contradict each other a little bit, and I am
ok with another release, but technically Marcus is correct.
However, to further extend our analysis of past writings... the
following is taken from the 4.4.8 release announcement[1]:
"... This release wraps up all the outstanding patches for
the PHP 4.4 series, and is therefore the last normal PHP 4.4
release. If necessary, releases to address security issues
could be made until 2008-08-08."
This indicates a potential future release.
Regards,
Philip
Don't you guys have bigger fish to fry?
--
Richard Quadling
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
"Standing on the shoulders of some very clever giants!"
Derick Rethans wrote:
how about this. We edit php_config.h to be version 4.4.8pl1. Then
provide a patch for download. All reasonable distributions will pick up
that patch anyway. But at least we didn't do a release as we promised, we
wouldn't.Uh, no. We didn't promise we wouldn't make releases. It clearly says
that if there are security issues we look at them case-by-case to see if
we should make a release. There are security issues, we make a release.
There is nothing more to discuss about this.
We did actually. The exact text from the announcement was:
After 2007-12-31 there will be no more releases of PHP 4.4. We will
continue to make critical security fixes available on a case-by-case
basis until 2008-08-08.
The two statements do contradict each other a little bit, and I am ok
with another release, but technically Marcus is correct.
-Rasmus