On 05/04/2012 03:53 PM, Anatoliy Belsky wrote:

Sean, thanks for reporting that :)

Chris, theoretically there were a possibility to apply the patch for 5.04 which 
was made first (it's attached in #61504) ... but I wouldn't call that quite 
rational. As Sean mentioned, it's already done. For the current patch 5.11 
tests was fixed, some fixes was done over it, and it's released. Besides this, 
patching for 7 versions forwards wasn't that easy, so the longer it's waiting, 
the worst it gets. Therefore I'd really suggest here to document this and to 
make the warnings more meaningful.

Hannes, I agree here even more than you :) . But, that was a security 
conditioned upgrade. The patch for 5.04 has existed shortly before the patch 
5.11, but finally the 5.11 one was considered as better. The notices come 
directly from libmagic, so no wonder some of them are not handled properly (and 
they were not before). The development was concentrated more on the usage with 
the compiled in data (as use of the externals is rare), so I think at the end 
of he day a security fix is worth it.

Thanks for the help guys and regards


We appreciate your help too.

There are some lessons I've learned from this:

- BC breaks are bad and should be discussed (maybe this one was, but
  that would have been on the security list that I'm not on)

- clear documentation on any BC breakage is needed

- The PHP NEWS updating process is broken.



PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to