On 7 January 2015 at 12:52, Scott Arciszewski <kobrasre...@gmail.com> wrote:
> Hello,
>
> Would it be possible for php.net to publish a cryptographically signed
> (e.g. openssl_sign() with a RSA private key kept offline) list in a
> pre-defined location (e.g. /stable_versions.txt) so that scripts can be
> written to read (and cache) the latest stable versions?
>
> I'm going to write a killswitch module that can be included in any PHP
> project that basically does this:
>
> 1. fetch stable_versions.txt
> 2. verify RSA signature
> 3. check phpversion() and the stable versions listed
> 4. are we running a stable PHP version?
> 4-yes: cache result for 24 hours to prevent redundant lookups.
> 4-no: kill script termination, explaining that PHP is out of date and
> needs to be updated
>
> The idea is to remind and motivate the sysadmin to keep their software up
> to date to prevent known security vulnerabilities from being exploited.
>
> If you are not okay with this, I'm going to write/publish the killswitch
> configured to look at my own server. :)
>
> Scott

Hi Scott,

I already do something similar to this for some of my CI, ensuring tests
pass on new versions of PHP.

I use the following shell script snippet to check for new versions (If
there's a diff I parse the output with PHP to find _which_ new version)

git ls-remote -t https://github.com/php/php-src | cut -d '/' -f3 | grep -P '^php-5\.\d+\.\d+' | sort -V

Maybe you can use this too. You can add an end assertion to the regex to
omit RC/beta tags.

Regards,

Leigh.

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
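
The four steps proposed in the quoted message, sketched in PHP as an added example that is not part of the thread and is not php.net code. The list format (an `expires=` first line followed by one version per line), the function names, the sample version numbers and the throwaway key pair are assumptions made for the demonstration.

```php
<?php
// Added example. File format, key handling and function names are assumptions.

/** Step 2: verify the detached RSA signature before trusting any byte of the list. */
function load_stable_versions(string $list, string $sig, string $pubPem, int $now): array
{
    // openssl_verify() returns 1 for valid, 0 for invalid, -1/false on error: accept only 1.
    if (openssl_verify($list, $sig, $pubPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('stable_versions.txt: signature check failed');
    }
    $lines = preg_split('/\R/', trim($list));
    // Assumed first line "expires=<unix time>": stops replay of an old, validly signed list.
    if (!preg_match('/^expires=(\d+)$/', (string) array_shift($lines), $m) || (int) $m[1] < $now) {
        throw new RuntimeException('stable_versions.txt: expired or malformed');
    }
    return $lines;
}

/** Steps 1, 3 and 4: fetch, compare with the running version, cache the answer for 24 h. */
function is_stable(string $running, callable $fetch, string $pubPem, string $cacheFile): bool
{
    $now = time();
    $c = is_file($cacheFile) ? json_decode(file_get_contents($cacheFile), true) : null;
    if (is_array($c) && $c['version'] === $running && $c['until'] > $now) {
        return $c['stable'];
    }
    [$list, $sig] = $fetch();
    $stable = in_array($running, load_stable_versions($list, $sig, $pubPem, $now), true);
    $entry = ['version' => $running, 'stable' => $stable, 'until' => $now + 86400];
    file_put_contents($cacheFile, json_encode($entry), LOCK_EX);
    return $stable;
}

// Constructed demo data: a throwaway key pair stands in for the offline signing key,
// and the version numbers are sample values.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pubPem = openssl_pkey_get_details($key)['key'];
$list = 'expires=' . (time() + 7 * 86400) . "\n5.6.4\n5.5.20\n5.4.36\n";
openssl_sign($list, $sig, $key, OPENSSL_ALGO_SHA256);
$cache = sys_get_temp_dir() . '/killswitch_demo_' . getmypid() . '.json';

var_dump(is_stable('5.6.4', fn() => [$list, $sig], $pubPem, $cache));  // listed
var_dump(is_stable('5.3.29', fn() => [$list, $sig], $pubPem, $cache)); // not listed
try { // a list altered in transit no longer matches the signature
    is_stable('5.2.17', fn() => [$list . "5.2.17\n", $sig], $pubPem, $cache);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
unlink($cache);
```

A failed signature or an expired list is raised as an error distinct from "not stable", so the caller decides whether an unreachable or tampered list should also stop the script.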