[Phpmyadmin-devel] Security support for 2.11
Hi all we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future. There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase. Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative). Any comments? -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Hi Michal, On woansdei 18 Augustus 2010, Michal Čihař wrote:
we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future.
There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase.
Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative).
Of course this may or not be relevant for upstream's considerations, but I'd like to point out that Debian is committed to security-supporting 2.11 (.8.1) for at least one-hand-half years from now (release of squeeze + 1 y). Cheers, Thijs
Michal Čihař a écrit :
Hi all
we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future.
There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase.
Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative).
Any comments?
2011? -- Marc Delisle http://infomarc.info
Hi Dne Wed, 18 Aug 2010 10:19:49 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Michal Čihař a écrit :
Hi all
we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future.
There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase.
Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative).
Any comments?
2011?
Sure, sorry for typo :-). -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Hi, my personal opinion: I'm still using version 2.11 in production system, cause I've written some plugins (which still are not ported to newer version). Many IPS and many server management tools, like Plesk, still using the version 2.11, cause many ISP are using PHP4 *and *PHP5 on their default installations. Yes we should stop near future the support for older versions. But I think, perhaps January or February 2011 would be to soon. I think deadline for this at 31.12.2011 would be good, and all users, admins and developers have enough time, to integrate and/or migrate to newer version. Of course, we should make this public soon as possible: Version 2.11 support ends at ... 2011. Please upgrade soon as possible. I'm not sure, if we can publish such like info on the download list on SF.net. I mean, if somebody select an older version, that a alert-box is shown? Regards Michael Am 18.08.2010 16:32, schrieb Michal Čihař:
Hi
Dne Wed, 18 Aug 2010 10:19:49 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Michal Čihař a écrit :
Hi all
we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future.
There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase.
Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative).
Any comments? 2011? Sure, sorry for typo :-).
------------------------------------------------------------------------------ This SF.net email is sponsored by
Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
Hi Dne Wed, 18 Aug 2010 14:23:23 +0200 Michal Čihař <michal@cihar.com> napsal(a):
we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future.
There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase.
Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative).
Okay, given the feedback, I'd got for end of 2011. At least this is what the official announcement should say. It might be actually longer because as Thijs mentioned, Debian will need to support it a bit longer. As I'm both phpMyAdmin developer and Debian package maintainer, it is probably easier for me to do the work first in the git for 2.11 branch and then push it to Debian. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Michal Čihař a écrit :
Hi
Dne Wed, 18 Aug 2010 14:23:23 +0200 Michal Čihař <michal@cihar.com> napsal(a):
we're supporting 2.11 branch already for quite some time and it's probably time to drop this support in near future.
There still might be people stuck with PHP < 5.2, however I don't think this group is large nowadays and it is not worth supporting this old codebase.
Thereby I propose to stop providing security support for 2.11 branch in near future. Two dates came to my mind: 1st January 2010 or 5th February 2010 (2 years from goPHP5 initiative).
Okay, given the feedback, I'd got for end of 2011. At least this is what the official announcement should say.
Let's say 2012-01-01, it looks better ;)
It might be actually longer because as Thijs mentioned, Debian will need to support it a bit longer. As I'm both phpMyAdmin developer and Debian package maintainer, it is probably easier for me to do the work first in the git for 2.11 branch and then push it to Debian.
I did not believe we were tied by Debian needs... -- Marc Delisle http://infomarc.info
On Fri, August 20, 2010 16:21, Marc Delisle wrote:
It might be actually longer because as Thijs mentioned, Debian will need to support it a bit longer. As I'm both phpMyAdmin developer and Debian package maintainer, it is probably easier for me to do the work first in the git for 2.11 branch and then push it to Debian.
I did not believe we were tied by Debian needs...
Not "tied by", rather "can benefit from". Debian needs to support phpMyAdmin 2.11 until at least the end of 2011, if not longer. So we're doing the work anyway, you can incorporate it for free. Or in this case, Michal just does the work in git directly and exports it too us. Of course you can decide to declare 2.11 obsolete before that, it will mean that Debian just does the same work but only within Debian. In any case there's no tying going on :-) Cheers, Thijs
Thijs Kinkhorst a écrit :
On Fri, August 20, 2010 16:21, Marc Delisle wrote:
It might be actually longer because as Thijs mentioned, Debian will need to support it a bit longer. As I'm both phpMyAdmin developer and Debian package maintainer, it is probably easier for me to do the work first in the git for 2.11 branch and then push it to Debian.
I did not believe we were tied by Debian needs...
Not "tied by", rather "can benefit from". Debian needs to support phpMyAdmin 2.11 until at least the end of 2011, if not longer. So we're doing the work anyway, you can incorporate it for free. Or in this case, Michal just does the work in git directly and exports it too us. Of course you can decide to declare 2.11 obsolete before that, it will mean that Debian just does the same work but only within Debian. In any case there's no tying going on :-)
I see. So you are backporting today's security fixes into your 2.11.8.x version? -- Marc Delisle http://infomarc.info
Hi Dne Fri, 20 Aug 2010 10:58:50 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
I see. So you are backporting today's security fixes into your 2.11.8.x version?
Well the code is not that different from 2.11.10, and yes I've backported the patch. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
participants (4)
-
Marc Delisle -
Michael Keck -
Michal Čihař -
Thijs Kinkhorst