Official position from php.net: http://www.php.net/releases/4_4_9.php,
http://www.php.net/ChangeLog-4.php#4.4.9.
In other words, any security vulnerabilities discovered in PHP4 in the
last 22 months have not been fixed and will not be fixed. As others have
said, a web hosting company that considers this to be acceptable is
untrustworthy to do business with.
Domenic Santangelo wrote:
Hypothetically, if a client wanted you to build a Drupal site (complexity of
say, 2, where 10 is economist.com) and they insisted on a specific host -- and
this host only supports php4, what would you tell them? So far I've got,
-Core will work but many contribs will not (filefield, date, ubercart, etc)
-Prepare for added development time that you wouldn't have to otherwise pay for
-???
What would you say, hypothetically? Any official stance on php4 from d.o?
Thanks,
-D
