(cross-posting to php-webmaster as well)
On 7 January 2015 at 04:52, Scott Arciszewski <kobrasre...@gmail.com> wrote:
> Would it be possible for php.net to publish a cryptographically signed
> (e.g. openssl_sign() with a RSA private key kept offline) list in a
> pre-defined location (e.g. /stable_versions.txt) so that scripts can be
> written to read (and cache) the latest stable versions?
My initial gut feeling is that, with at least three different sets of
RMs at any given time, the process of co-ordinating when to update
this file after a release day, who would own it, and just having it
done in a timely fashion is probably beyond what we should commit to.
I fear we'd be setting an expectation that, at some point, we'd fail
to meet. I also don't think we should add to the already considerable
load our RMs are under on release days.
("We" here means RMs and regular php-web committers, to be clear.)
That said, if you're OK trusting HTTPS and can do without the manual
signing step, we have an unadvertised JSON backend that can provide
the stable release information you'd need:
https://php.net/releases/active.php. This is used by the bug tracker
in conjunction with pulling version information from qa.php.net, so it
should be reliable.
Adam
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
