On Sun, Dec 6, 2015 at 6:17 PM, Stanislav Malyshev <smalys...@gmail.com> wrote:
> Hi!
>
> > Giving everyone until the end of 2017 to update their servers is more
> > than sufficient.
>
> Sufficient for what? It is a hard fact that people still run 5.3
> version. In fact, 2/3 of sites run EOLed versions. You can always say
> they have only themselves to blame, but then I'm not sure what
> "sufficient" means. Unless adoption patterns change drastically, by the
> end of 2017 most people will not be running PHP 7. That's not something
> we can realistically change (unless you have some way of changing those
> patterns we didn't try yet or they change by themselves somehow). Thus,
> our choice lies only in whether we support this majority of users in
> some way
> or say "you are on your own now, we don't care about you anymore".
> --
> Stas Malyshev
> smalys...@gmail.com
>

We should do everything we can to instill a culture of keeping stuff up to date. Just because people are going to shoot themselves in the foot doesn't mean we should supply them with additional ammo.

If 2/3 of sites still run EOLed versions of PHP, all adding a long-term support version is going to do is encourage habits of inertia.

"Well, 5.6 was supported until 2020, why can't 7.0.0 be supported until past 2019? This isn't fair."

> or say "you are on your own now, we don't care about you anymore".

Yes, given the lack of a sensible alternative, I think we need to do this.

And then the community needs to, collectively, invest serious effort in finding a remotely exploitable vulnerability in any/all EOL'd versions of PHP to give a strong incentive to stop running 5.2.x and 5.3.x in 2016.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com/>