On Mon, Dec 8, 2008 at 16:57, Pierre Joye <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 8, 2008 at 4:47 PM, Johannes Schlüter <[EMAIL PROTECTED]> wrote:
>>
>> When dropping magic_quotes the hosting company can do one of two things:
>>
>> a) not update to 5.3 so we either have to maintain 5.2 for some time or
>> let them have problems
>
> +1

We cannot simply nuke a feature that was once upon a time sold as a security feature, and is still enabled by default, just "out of the blue".

> I already discussed the possibility to maintain the 5.2 branch after
> 5.3-final (irc and some meetings) and I like to do it (in any case). I
> do think it is something to do but only for critical bug fixes
> (security or crash only).

Of course we should continue to do security releases for "previous minor releases" until the "new one" is up to .2 or .3 at least.

> We may say that it is the job of the distributors, but I'd to
> disagree. It is critical for us to provide sources and binary releases
> of a stable branch officially, even after a newer branch has been
> released.

How are distributions supposed to keep up to date with security fixes anyway? The only distro that has a chance is RHEL because they have an "inside guy". We really need to work on our relationship with other distros, starting with marking security fixes as security fixes.

-Hannes

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
