Hello,
Would it be possible for php.net to publish a cryptographically signed
(e.g. openssl_sign() with a RSA private key kept offline) list in a
pre-defined location (e.g. /stable_versions.txt) so that scripts can be
written to read (and cache) the latest stable versions?
I'm going to write a killswitch module that can be included in any PHP
project that basically does this:
1. fetch stable_versions.txt
2. verify RSA signature
3. check phpversion() and the stable versions listed
4. are we running a stable PHP version?
4-yes: cache result for 24 hours to prevent redundant lookups.
4-no: kill script termination, explaining that PHP is out of date and
needs to be updated
The idea is to remind and motivate the sysadmin to keep their software up
to date to prevent known security vulnerabilities from being exploited.
If you are not okay with this, I'm going to write/publish the killswitch
configured to look at my own server. :)
Scott
