On 2010.04.17. 7:39, Ferenc Kovacs wrote:
On Fri, Apr 16, 2010 at 10:38 PM, Larry Garfield<la...@garfieldtech.com>wrote:
On Friday 16 April 2010 05:23:42 am Ferenc Kovacs wrote:
I think that the hosting providers will do notice, and either not
migrate,
or send a mail to their users, warning to check their settings because if
they are depending on the magic quotes, they will be in danger.
So I think we don't have to wait for the shared hosting providers,
because
they will catch up as slow or fast as we go.
Given how long it took them to catch up to PHP 5 in the first place I don't
think we can count on that.
Because PHP4 was supported for a long time. This is what I'm saying. If you
support 5,3 at least with security updates for years, they won't upgrade
because they don't have to.
Such breakage should come in large chunks so that hosts only have to wring
their hands once every so often. Otherwise they just won't upgrade ever.
Most run on very thin margins.
I disagree, from the point of the coder who has to port the application from
one version to other, it's easier, if there is only a few changes, which has
to be taken care of.
From the point of shared hosting providers, they don't want to change
anything from the BC perspective, so if you turn off some default value, or
throw deprecate warning, they will turn it back on, and ignore the errors.
When this is not possible (because you removed some feature), they won't
upgrade, as long as there is security support for the old version.
Tyrael
Just some anecdotal evidence regarding this issue:
http://it.slashdot.org/story/10/04/16/1646244/ClamAV-Forced-Upgrade-Breaks-Email-Servers
<http://it.slashdot.org/story/10/04/16/1646244/ClamAV-Forced-Upgrade-Breaks-Email-Servers>
The 2 year old version of the ClamAV daemon (0.94) is incompatible with
the new signature updates (for the also free 0.95 and 0.96 versions), so
the old version crashed.
The funny part is ClamAV was announcing this for at least 6 months. On
mailing lists, their homepage, plus the daemon was flooding the server
log every day with warnings.
Still, some admins did not care about a product that couldn't be more
explicitly a factor of their network security. Therefore, in my opinion,
waiting for admins to upgrade is futile, useless, and just keeps users
in security-fairyland for more time.
Pas
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
