On 05/04/2012 03:53 PM, Anatoliy Belsky wrote:
Sean, thanks for reporting that :) Chris, theoretically there were a possibility to apply the patch for 5.04 which was made first (it's attached in #61504) ... but I wouldn't call that quite rational. As Sean mentioned, it's already done. For the current patch 5.11 tests was fixed, some fixes was done over it, and it's released. Besides this, patching for 7 versions forwards wasn't that easy, so the longer it's waiting, the worst it gets. Therefore I'd really suggest here to document this and to make the warnings more meaningful. Hannes, I agree here even more than you :) . But, that was a security conditioned upgrade. The patch for 5.04 has existed shortly before the patch 5.11, but finally the 5.11 one was considered as better. The notices come directly from libmagic, so no wonder some of them are not handled properly (and they were not before). The development was concentrated more on the usage with the compiled in data (as use of the externals is rare), so I think at the end of he day a security fix is worth it. Thanks for the help guys and regards Anatoliy
We appreciate your help too. There are some lessons I've learned from this: - BC breaks are bad and should be discussed (maybe this one was, but that would have been on the security list that I'm not on) - clear documentation on any BC breakage is needed - The PHP NEWS updating process is broken. Chris -- christopher.jo...@oracle.com http://twitter.com/#!/ghrd -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
