From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JHOpX-0003uG-VY for garchives@archives.gentoo.org; Tue, 22 Jan 2008 19:30:44 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 60973E0AFF; Tue, 22 Jan 2008 19:30:32 +0000 (UTC) Received: from shakti.fmp.com (shakti.fmp.com [216.110.12.105]) by pigeon.gentoo.org (Postfix) with ESMTP id 48D0FE0AFF for ; Tue, 22 Jan 2008 19:30:32 +0000 (UTC) Received: from [192.168.1.253] ([::ffff:10.8.0.7]) (AUTH: LOGIN fmouse@fmp.com) by shakti.fmp.com with esmtp; Tue, 22 Jan 2008 13:30:31 -0600 id 00000000000D6D0E.0000000047964457.00002C07 Subject: Re: [gentoo-server] PHP4 From: Lindsay Haisley To: gentoo-server@lists.gentoo.org In-Reply-To: <41195fb10801221118u5037b1bfl4da36148b4ed114b@mail.gmail.com> References: <20080118110850.C41241@shell.bway.net> <47961632.5000000@foobar.lu> <479617AD.3040800@gentoo.org> <1201025554.5987.27.camel@localhost.localdomain> <4796382F.1060001@foobar.lu> <47963BC6.3030905@norm.lu> <1201029239.7553.13.camel@localhost.localdomain> <41195fb10801221118u5037b1bfl4da36148b4ed114b@mail.gmail.com> Organization: FMP Computer Services Date: Tue, 22 Jan 2008 13:30:30 -0600 Message-Id: <1201030230.7553.23.camel@localhost.localdomain> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Evolution 2.12.1 X-Archives-Salt: 01e08c17-3ffc-48d8-8a64-5173fa3bbfc6 X-Archives-Hash: b7440858464f75749d86ee0e435a73f1 On Tue, 2008-01-22 at 11:18 -0800, RijilV wrote: > Not to overlook the fact that PHP is dropping support for PHP4 in > August. Switching distributions to get another half year of support > seems to me like getting a tattoo to fit in with the kids at > highschool. Everyone who wants to run updated software is going to > have to make this move at some point in time. Excellent point! (and a nice analogy). The other cost that has to be factored into any decision is the cost of dealing with the consequences of a system compromise resulting from a security hole. Yves, are your management folks aware that a security compromise on your PHP4 box will affect _all_ your customers with websites on it, not just those who's code may have been responsible for the compromise, and that cleaning up such a mess will probably take a lot more time and expense than the cost of script migration? Been there, done that, bought the T-shirt, and it was a Royal PITA! Not to mention the fact that once you've been compromised, you'll _have_ to migrate your customers to v5 ASAP, possibly without the luxury of being able to do them one by one. -- Lindsay Haisley | "In an open world, | PGP public key FMP Computer Services | who needs Windows | available at 512-259-1190 | or Gates" | http://pubkeys.fmp.com http://www.fmp.com | | -- gentoo-server@lists.gentoo.org mailing list