Re: [PHP-DEV] PEAR install failures
Am 25.06.2017 um 20:55 schrieb Tom Van Looy: Chuck responded https://github.com/pear/pearweb_phars/issues/2#issuecomment-310918232 On Sun, Jun 25, 2017 at 6:47 PM, Tom Van Looy wrote: I also reported the issue here http://pear.php.net/bugs/bug.php?id=21222 Christian Weiske + Chuck Burgess are listed as active leads of that project. On Sun, Jun 25, 2017 at 6:36 PM, Sara Golemon wrote: On Sun, Jun 25, 2017 at 10:43 AM, Nikita Popov wrote: On Sun, Jun 25, 2017 at 4:23 PM, Sara Golemon wrote: I've heard at least two separate reports of the pear install step of PHP's `make install` failing for the 7.2 releases. (Latest: https://gist.github.com/brunoric/66fd62c00848a11f144d1838d26d043a ) Who's in charge of PEAR these days? Relevant: https://bugs.php.net/bug.php?id=74723 Archive_Tar had been updated by the time I rolled alpha2, but I still got an older version. Does something need to be poked to update https://pear.php.net/install-pear-nozlib.phar ? -Sara The file https://pear.php.net/install-pear-nozlib.phar was updated by Chuck. It now uses the new Tar_Archive version 1.4.3. He also did a new release of pearweb_phars. So if PHP 7.2 picks the new files for the next release all should be good. Regards, Rainer -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] MD5 no longer part of release process
On Wed, Jun 28, 2017, 10:26 AM Sara Golemon wrote: > On Wed, Jun 28, 2017 at 2:58 AM, Niklas Keller wrote: > > 2017-06-28 4:19 GMT+02:00 Sara Golemon : > >> I've pushed two commits to remove MD5 from www.php.net and qa.php.net, > >> however it should be noted that I left a fair amount of md5 in web-php > >> because very old releases have neither GPG signatures nor SHA256 > >> checksums, and while MD5 is weak and broken, it's better than nothing. > >> > > Can't we just rehash them? > > > If we agree that we trust the existing binaries haven't been > compromised at any point, sure. But at that point we'd be saying > "Here's a trustable sha256/gpg signature for a file" when really it's > "Here's a signature that's only really as trustable as the md5 we used > to verify it when we rehashed". > > In the interest of not presenting a false sense of security, I'd vote > "No" on that. Our past few years of releases are more reliably > signed, and we can be honest about what's in the attic. > > That all said, it wouldn't be a terrible idea to anchor some gpg sigs > of the old archives (in an explicitly flagged repo) just to be able to > say "They haven't changed since Jun 2017". The counter argument is "They haven't changed since 2017" is better than they might have changed yesterday... Especially in a couple years. Or when things don't get hacked and we want to verify them. They all have published vulnerabilities so for anyone who cares to look at them that should be good enough. You could leave the md5 to destinguish them. That or if we don't trust them enough to sign them, remove them because we're never going to trust them more than we do today.
[PHP-DEV] [RFC] [Declined] Doxygen
The Doxygen style for commenting was declined with 16 (no) versus 11 (yes). https://wiki.php.net/rfc/doxygen -- Richard "Fleshgrinder" Fussenegger signature.asc Description: OpenPGP digital signature
[PHP-DEV] [RFC] [Voting] Class Naming
https://wiki.php.net/rfc/class-naming Voting starts now and will be open for two weeks (July 15). -- Richard "Fleshgrinder" Fussenegger signature.asc Description: OpenPGP digital signature
Re: [PHP-DEV] [RFC] [Voting] Class Naming
- Original Message - > https://wiki.php.net/rfc/class-naming > > Voting starts now and will be open for two weeks (July 15). > > -- > Richard "Fleshgrinder" Fussenegger https://wiki.php.net/rfc still says no RFCs are in voting. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] [RFC] [Voting] Class Naming
On 7/1/2017 9:13 PM, Pieter Hordijk wrote: > https://wiki.php.net/rfc still says no RFCs are in voting. > > Thanks, fixed. -- Richard "Fleshgrinder" Fussenegger signature.asc Description: OpenPGP digital signature
