Query: Should ZF2 bump the minimum required PHP version?

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

Query: Should ZF2 bump the minimum required PHP version?

weierophinney
Administrator
Hey, all --

We're running into a few situations where bumping the minimum required
PHP version for ZF2 would be useful; in fact, there's at least one
situation where staying with 5.3.3 actually prevents progress on a few
issues.

The specific issue we have is that, until 5.3.9, PHP did not allow the
following:

    interface Foo
    {
        public function send();
    }

    interface Bar
    {
        public function send();
    }

    class FooBar implements Foo, Bar
    {
        public function send()
        {
            // do something
        }
    }

Essentially, implementing multiple interfaces that define the same
method, using the same signature.
Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.

Having this would allow us to fix a situation with the way translation
works across components; not having it means we're stuck with some of
those problems.

There are other issues as well: ArrayObject has had a lively history
of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
in the object model as well that have been corrected starting in 5.3.7
and up.

Considering PHP 5.3 has already reached end of life status
(http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
version seems like "a good idea."

My question, then is:

- Should we up the minimum required PHP version for ZF2?
- If your answer was "no", why not?
- If your answer was "yes", what version should become the next
minimum supported PHP version? Why?

NOTE: we are not announcing that we will up the minimum required
version at this time; I'm soliciting feedback so we can make a
decision.

Thanks in advance!

--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

Artur Bodera
Voting no.

As much as I'd love to bump it even higher (*ekhem* borked DateTime
*ekhem*) it will probably confuse the hell out of user base. We've had this
discussion several times on different occasions (on ml, irc, even some
stuff on wiki).

We'll have to live with 5.3.3 until ZF3. With ZF3 we'll have to live with
5.4.X (which will probably be aligned with most popular revision per linux
distros) and we'll probably have similar discussions in the future ... and
for the sake of consistency, my answer will then also probably be "no".

With love :-)

Art.


--
[hidden email]
+48 695 600 936
http://thinkscape.pro


On Tue, Nov 5, 2013 at 8:55 PM, Stewart Lord <[hidden email]> wrote:

> My vote is 'no' because (as far as I know) RHEL 6 is currently at 5.3.3
> and we have customers on that distro. This would mean we are stuck on older
> ZF2 at least for a while. Not a huge deal really, but that's my vote FWIW :)
>
> I also note that Symfony2 is at 5.3.3.
>
> Stew
>
>
>
> On 2013-11-05 11:34 AM, Matthew Weier O'Phinney wrote:
>
>> Hey, all --
>>
>> We're running into a few situations where bumping the minimum required
>> PHP version for ZF2 would be useful; in fact, there's at least one
>> situation where staying with 5.3.3 actually prevents progress on a few
>> issues.
>>
>> The specific issue we have is that, until 5.3.9, PHP did not allow the
>> following:
>>
>>      interface Foo
>>      {
>>          public function send();
>>      }
>>
>>      interface Bar
>>      {
>>          public function send();
>>      }
>>
>>      class FooBar implements Foo, Bar
>>      {
>>          public function send()
>>          {
>>              // do something
>>          }
>>      }
>>
>> Essentially, implementing multiple interfaces that define the same
>> method, using the same signature.
>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>>
>> Having this would allow us to fix a situation with the way translation
>> works across components; not having it means we're stuck with some of
>> those problems.
>>
>> There are other issues as well: ArrayObject has had a lively history
>> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
>> in the object model as well that have been corrected starting in 5.3.7
>> and up.
>>
>> Considering PHP 5.3 has already reached end of life status
>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
>> version seems like "a good idea."
>>
>> My question, then is:
>>
>> - Should we up the minimum required PHP version for ZF2?
>> - If your answer was "no", why not?
>> - If your answer was "yes", what version should become the next
>> minimum supported PHP version? Why?
>>
>> NOTE: we are not announcing that we will up the minimum required
>> version at this time; I'm soliciting feedback so we can make a
>> decision.
>>
>> Thanks in advance!
>>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

richard
My vote is for the PHP version the majority of stable / LTS OS's support by
default.

Regards


On Tue, Nov 5, 2013 at 8:03 PM, Artur Bodera <[hidden email]> wrote:

> Voting no.
>
> As much as I'd love to bump it even higher (*ekhem* borked DateTime
> *ekhem*) it will probably confuse the hell out of user base. We've had this
> discussion several times on different occasions (on ml, irc, even some
> stuff on wiki).
>
> We'll have to live with 5.3.3 until ZF3. With ZF3 we'll have to live with
> 5.4.X (which will probably be aligned with most popular revision per linux
> distros) and we'll probably have similar discussions in the future ... and
> for the sake of consistency, my answer will then also probably be "no".
>
> With love :-)
>
> Art.
>
>
> --
> [hidden email]
> +48 695 600 936
> http://thinkscape.pro
>
>
> On Tue, Nov 5, 2013 at 8:55 PM, Stewart Lord <[hidden email]> wrote:
>
>> My vote is 'no' because (as far as I know) RHEL 6 is currently at 5.3.3
>> and we have customers on that distro. This would mean we are stuck on older
>> ZF2 at least for a while. Not a huge deal really, but that's my vote FWIW :)
>>
>> I also note that Symfony2 is at 5.3.3.
>>
>> Stew
>>
>>
>>
>> On 2013-11-05 11:34 AM, Matthew Weier O'Phinney wrote:
>>
>>> Hey, all --
>>>
>>> We're running into a few situations where bumping the minimum required
>>> PHP version for ZF2 would be useful; in fact, there's at least one
>>> situation where staying with 5.3.3 actually prevents progress on a few
>>> issues.
>>>
>>> The specific issue we have is that, until 5.3.9, PHP did not allow the
>>> following:
>>>
>>>      interface Foo
>>>      {
>>>          public function send();
>>>      }
>>>
>>>      interface Bar
>>>      {
>>>          public function send();
>>>      }
>>>
>>>      class FooBar implements Foo, Bar
>>>      {
>>>          public function send()
>>>          {
>>>              // do something
>>>          }
>>>      }
>>>
>>> Essentially, implementing multiple interfaces that define the same
>>> method, using the same signature.
>>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>>>
>>> Having this would allow us to fix a situation with the way translation
>>> works across components; not having it means we're stuck with some of
>>> those problems.
>>>
>>> There are other issues as well: ArrayObject has had a lively history
>>> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
>>> in the object model as well that have been corrected starting in 5.3.7
>>> and up.
>>>
>>> Considering PHP 5.3 has already reached end of life status
>>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
>>> version seems like "a good idea."
>>>
>>> My question, then is:
>>>
>>> - Should we up the minimum required PHP version for ZF2?
>>> - If your answer was "no", why not?
>>> - If your answer was "yes", what version should become the next
>>> minimum supported PHP version? Why?
>>>
>>> NOTE: we are not announcing that we will up the minimum required
>>> version at this time; I'm soliciting feedback so we can make a
>>> decision.
>>>
>>> Thanks in advance!
>>>
>>>
>>
>
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

EvanDotPro
In reply to this post by weierophinney
First, I agree with the RHEL / LTS distro arguments, and can see that
having a negative effect on these companies. My gut reaction is to say no,
we should respect the version we committed to originally, despite the cost
(hey, we can't use traits either... too bad). I can personally confirm that
many companies specifically choose Zend Framework because of the
reliability on these types of matters (more-so backwards compatibility
breaks, but PHP version support plays a large role as well).

That said, due to the ZF policy of backporting security fixes to previous
minor version releases, which matches that of the distributions being cited
here, I don't actually see bumping the PHP version requirement as a
problem. These enterprise users will simply have to be feature-frozen and
only receive minor version updates when a security fix is backported,
period. Missing out on new features and (non-critical) bugfixes *after* such
a change is a cost they have already accepted as part of their policy to
limit themselves strictly to distribution-provided packages.

So, ultimately, I can't say I'd actually be upset either way. All of my
clients who are using enterprise / LTS distributions will still be fine to
use all of the ZF2 features they've come to depend on up until this point,
and we'll still be able to update their ZF2 minor version when/if future
security fixes are released. If such a change meant that enterprise / LTS
distro users would be unable to get critical security fixes, then I'd
strongly be -1 to this, but that is simply not the case here.


--
*Evan Coury, ZCE*
http://blog.evan.pro/


On Tue, Nov 5, 2013 at 12:34 PM, Matthew Weier O'Phinney
<[hidden email]>wrote:

> Hey, all --
>
> We're running into a few situations where bumping the minimum required
> PHP version for ZF2 would be useful; in fact, there's at least one
> situation where staying with 5.3.3 actually prevents progress on a few
> issues.
>
> The specific issue we have is that, until 5.3.9, PHP did not allow the
> following:
>
>     interface Foo
>     {
>         public function send();
>     }
>
>     interface Bar
>     {
>         public function send();
>     }
>
>     class FooBar implements Foo, Bar
>     {
>         public function send()
>         {
>             // do something
>         }
>     }
>
> Essentially, implementing multiple interfaces that define the same
> method, using the same signature.
> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>
> Having this would allow us to fix a situation with the way translation
> works across components; not having it means we're stuck with some of
> those problems.
>
> There are other issues as well: ArrayObject has had a lively history
> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
> in the object model as well that have been corrected starting in 5.3.7
> and up.
>
> Considering PHP 5.3 has already reached end of life status
> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
> version seems like "a good idea."
>
> My question, then is:
>
> - Should we up the minimum required PHP version for ZF2?
> - If your answer was "no", why not?
> - If your answer was "yes", what version should become the next
> minimum supported PHP version? Why?
>
> NOTE: we are not announcing that we will up the minimum required
> version at this time; I'm soliciting feedback so we can make a
> decision.
>
> Thanks in advance!
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

weierophinney
Administrator
In reply to this post by Artur Bodera
On Tue, Nov 5, 2013 at 2:03 PM, Artur Bodera <[hidden email]> wrote:

> Voting no.
>
> As much as I'd love to bump it even higher (*ekhem* borked DateTime *ekhem*)
> it will probably confuse the hell out of user base. We've had this
> discussion several times on different occasions (on ml, irc, even some stuff
> on wiki).
>
> We'll have to live with 5.3.3 until ZF3. With ZF3 we'll have to live with
> 5.4.X (which will probably be aligned with most popular revision per linux
> distros) and we'll probably have similar discussions in the future ... and
> for the sake of consistency, my answer will then also probably be "no".

Actually, you're mistaken.

We bumped the minimum required version of ZF1 to 5.2.4 (from 5.1.6)
for 1.7. We bumped it again to 5.2.10 or 5.2.12 for either the 1.11 or
1.12 release.

In other words, we HAVE allowed bumps to the PHP version as long as
they happen with a minor release or greater of ZF. That is what I'm
proposing here - a bump with the 2.3.0 release of ZF.



> On Tue, Nov 5, 2013 at 8:55 PM, Stewart Lord <[hidden email]> wrote:
>>
>> My vote is 'no' because (as far as I know) RHEL 6 is currently at 5.3.3
>> and we have customers on that distro. This would mean we are stuck on older
>> ZF2 at least for a while. Not a huge deal really, but that's my vote FWIW :)
>>
>> I also note that Symfony2 is at 5.3.3.
>>
>> Stew
>>
>>
>>
>> On 2013-11-05 11:34 AM, Matthew Weier O'Phinney wrote:
>>>
>>> Hey, all --
>>>
>>> We're running into a few situations where bumping the minimum required
>>> PHP version for ZF2 would be useful; in fact, there's at least one
>>> situation where staying with 5.3.3 actually prevents progress on a few
>>> issues.
>>>
>>> The specific issue we have is that, until 5.3.9, PHP did not allow the
>>> following:
>>>
>>>      interface Foo
>>>      {
>>>          public function send();
>>>      }
>>>
>>>      interface Bar
>>>      {
>>>          public function send();
>>>      }
>>>
>>>      class FooBar implements Foo, Bar
>>>      {
>>>          public function send()
>>>          {
>>>              // do something
>>>          }
>>>      }
>>>
>>> Essentially, implementing multiple interfaces that define the same
>>> method, using the same signature.
>>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>>>
>>> Having this would allow us to fix a situation with the way translation
>>> works across components; not having it means we're stuck with some of
>>> those problems.
>>>
>>> There are other issues as well: ArrayObject has had a lively history
>>> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
>>> in the object model as well that have been corrected starting in 5.3.7
>>> and up.
>>>
>>> Considering PHP 5.3 has already reached end of life status
>>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
>>> version seems like "a good idea."
>>>
>>> My question, then is:
>>>
>>> - Should we up the minimum required PHP version for ZF2?
>>> - If your answer was "no", why not?
>>> - If your answer was "yes", what version should become the next
>>> minimum supported PHP version? Why?
>>>
>>> NOTE: we are not announcing that we will up the minimum required
>>> version at this time; I'm soliciting feedback so we can make a
>>> decision.
>>>
>>> Thanks in advance!
>>>
>>
>



--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

Artur Bodera
In reply to this post by EvanDotPro
On Tue, Nov 5, 2013 at 10:55 PM, Evan Coury <[hidden email]> wrote:

> These enterprise users will simply have to be feature-frozen and only
> receive minor version updates when a security fix is backported, period.
> Missing out on new features and (non-critical) bugfixes *after* such a
> change is a cost they have already accepted as part of their policy to
> limit themselves strictly to distribution-provided packages.
>

I think it's the gist of the problem.

There's also quite lot of assumptions, which basically boils down to: "if
they use old PHP versions, it's their problem and they must know and
acknowledge all downsides, accept all the risks".  Well, it's actually a
logical conclusion but the question is: how much do they rely on frameworks
such as ZF2 to "shim away" their problems ?

If we went this way, on our side, this means very careful PR merging
process so backports do receive as many of the upgrades as possible. Not
sure how much pain that would be actually :-| @mwop ?

> will still be fine to use all of the ZF2 features they've come to depend
on up until this point

Yes, but those features will slowly diminish with time, as only security
stuff will be backported. So basically our decision here means: "no more
feature upgrades and bug fixes for you from now on unless you upgrade PHP".


--
[hidden email]
+48 695 600 936
http://thinkscape.pro
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

Marco Pivetta
On 6 November 2013 00:22, Artur Bodera <[hidden email]> wrote:

> On Tue, Nov 5, 2013 at 10:55 PM, Evan Coury <[hidden email]> wrote:
>
> > These enterprise users will simply have to be feature-frozen and only
> > receive minor version updates when a security fix is backported, period.
> > Missing out on new features and (non-critical) bugfixes *after* such a
> > change is a cost they have already accepted as part of their policy to
> > limit themselves strictly to distribution-provided packages.
> >
>
> I think it's the gist of the problem.
>
> There's also quite lot of assumptions, which basically boils down to: "if
> they use old PHP versions, it's their problem and they must know and
> acknowledge all downsides, accept all the risks".  Well, it's actually a
> logical conclusion but the question is: how much do they rely on frameworks
> such as ZF2 to "shim away" their problems ?
>

I don't think ZF, SF or whatever framework you pick should become "the
jQuery of PHP". A framework is not an excuse to use older PHP versions
without worrying.


>
> If we went this way, on our side, this means very careful PR merging
> process so backports do receive as many of the upgrades as possible. Not
> sure how much pain that would be actually :-| @mwop ?
>

Yes, that would be very painful. Instead of that solution, I' rather
suggest keeping 5.3.3 in ZF2 and delaying whatever is causing the failures
for ZF3 (where the bump is possible).


>
> > will still be fine to use all of the ZF2 features they've come to depend
> on up until this point
>
> Yes, but those features will slowly diminish with time, as only security
> stuff will be backported. So basically our decision here means: "no more
> feature upgrades and bug fixes for you from now on unless you upgrade PHP".
>

That's kind-of the point of upgrading generally...


>
>
> --
> [hidden email]
> +48 695 600 936
> http://thinkscape.pro
>


Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

David Muir-2
In reply to this post by weierophinney
On 06/11/13 06:34, Matthew Weier O'Phinney wrote:

> Hey, all --
>
> We're running into a few situations where bumping the minimum required
> PHP version for ZF2 would be useful; in fact, there's at least one
> situation where staying with 5.3.3 actually prevents progress on a few
> issues.
>
> The specific issue we have is that, until 5.3.9, PHP did not allow the
> following:
>
>      interface Foo
>      {
>          public function send();
>      }
>
>      interface Bar
>      {
>          public function send();
>      }
>
>      class FooBar implements Foo, Bar
>      {
>          public function send()
>          {
>              // do something
>          }
>      }
>
> Essentially, implementing multiple interfaces that define the same
> method, using the same signature.
> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>
> Having this would allow us to fix a situation with the way translation
> works across components; not having it means we're stuck with some of
> those problems.
>
> There are other issues as well: ArrayObject has had a lively history
> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
> in the object model as well that have been corrected starting in 5.3.7
> and up.
>
> Considering PHP 5.3 has already reached end of life status
> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
> version seems like "a good idea."
>

It's not quite EOL yet. There's still security fixes until July 2014.
That said, I don't mind the minimum version being bumped to 5.3.9.

Cheers,
David

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

Stefano Torresi
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

mbneto
I don;t mind the small bump.   We are not talking about moving to 5.4 or
5.5 so even tough those using LTS distribuitions may have to use outside or
fast track repo the majority should be ok.

go speed racer, go.


On Thu, Nov 7, 2013 at 3:57 AM, Stefano Torresi <[hidden email]>wrote:

> FWIW I think a minor requirement bump shouldn't be that tragic. If one
> is ok with using an older PHP version, he will be ok using an older
> framework version. Afterall 2.2.* should be mature enough to satisfy
> their requirements.
>
> That said, backporting fixes is pretty much mandatory, and the
> concerns raised about this are legit.
> What would have to be backported? Security only or bug fixes in general?
> More to the point, would the backporting take more effort than
> sticking with the older PHP version in the first place? If that's the
> case, the bump may not be completely worth it.
> I'm not in the position to assess this, but it may be something to
> consider.
>
> P.S.
> PHP 5.4 will absolutely NOT be EOL in 2014 as stated above, by any
> stretch of the imagination! The data mentioned were just an example
> for the RFC.
>
> --
> List: [hidden email]
> Info: http://framework.zend.com/archives
> Unsubscribe: [hidden email]
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

EvanDotPro
In reply to this post by Stefano Torresi
Hello,

On Thu, Nov 7, 2013 at 1:57 AM, Stefano Torresi <[hidden email]>wrote:

> FWIW I think a minor requirement bump shouldn't be that tragic. If one
> is ok with using an older PHP version, he will be ok using an older
> framework version. Afterall 2.2.* should be mature enough to satisfy
> their requirements.
>
> That said, backporting fixes is pretty much mandatory, and the
> concerns raised about this are legit.
> What would have to be backported? Security only or bug fixes in general?


This can easily be argued both ways, but I would say that for the sake of
consistency with enterprise / LTS packaging standards and the sanity of the
ZF team, it should be security fixes only.

--
Evan Coury
Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Query: Should ZF2 bump the minimum required PHP version?

Stefano Torresi
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: Query: Should ZF2 bump the minimum required PHP version?

weierophinney
Administrator
In reply to this post by weierophinney
Hey, all --

I never closed this thread, but will do so now.

ZF 2.3.0 WILL bump the version to at least 5.3.9; we may bump to the
last 5.3 release version (5.3.27), as that contains the last security
fixes applied to the 5.3 branch, and distros that provide 5.3 either
have 5.3.3 or 5.3.latest typically; Zend Server, which should run on
just about any OS out there, ships 5.3.27 already, and is a viable
option for upgrade for those whose distros are stuck on older
versions.

We *DO* have precedence for bumping the minimum required version at
minor release versions; we did this with 1.7 (bumped to 5.2.4) and
again with 1.12 (bumped to 5.2.<latest at the time>). Additionally, as
others noted in the thread, if you are "stuck" with an LTS server
edition, typically you are also pinning to specific ZF versions long
term as well, as it's part of your release process.

While I am aware this will displease some of you, we cannot please
everyone, and we have some very real issues in the code base that
require fixes introduced starting in 5.3.9. Considering that we are in
the last few months of security releases for the 5.3 branch, an
upgrade to 5.4 or higher is strongly encouraged by the PHP group
anyways.


On Tue, Nov 5, 2013 at 1:34 PM, Matthew Weier O'Phinney
<[hidden email]> wrote:

> Hey, all --
>
> We're running into a few situations where bumping the minimum required
> PHP version for ZF2 would be useful; in fact, there's at least one
> situation where staying with 5.3.3 actually prevents progress on a few
> issues.
>
> The specific issue we have is that, until 5.3.9, PHP did not allow the
> following:
>
>     interface Foo
>     {
>         public function send();
>     }
>
>     interface Bar
>     {
>         public function send();
>     }
>
>     class FooBar implements Foo, Bar
>     {
>         public function send()
>         {
>             // do something
>         }
>     }
>
> Essentially, implementing multiple interfaces that define the same
> method, using the same signature.
> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>
> Having this would allow us to fix a situation with the way translation
> works across components; not having it means we're stuck with some of
> those problems.
>
> There are other issues as well: ArrayObject has had a lively history
> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
> in the object model as well that have been corrected starting in 5.3.7
> and up.
>
> Considering PHP 5.3 has already reached end of life status
> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
> version seems like "a good idea."
>
> My question, then is:
>
> - Should we up the minimum required PHP version for ZF2?
> - If your answer was "no", why not?
> - If your answer was "yes", what version should become the next
> minimum supported PHP version? Why?
>
> NOTE: we are not announcing that we will up the minimum required
> version at this time; I'm soliciting feedback so we can make a
> decision.
>
> Thanks in advance!
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc



--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Re: Query: Should ZF2 bump the minimum required PHP version?

zburnham
> On Dec 6, 2013, at 11:49 AM, Matthew Weier O'Phinney <[hidden email]> wrote:
>
> Hey, all --
>
> I never closed this thread, but will do so now.
>
> ZF 2.3.0 WILL bump the version to at least 5.3.9; we may bump to the
> last 5.3 release version (5.3.27), as that contains the last security
> fixes applied to the 5.3 branch, and distros that provide 5.3 either
> have 5.3.3 or 5.3.latest typically; Zend Server, which should run on
> just about any OS out there, ships 5.3.27 already, and is a viable
> option for upgrade for those whose distros are stuck on older
> versions.
>
> We *DO* have precedence for bumping the minimum required version at
> minor release versions; we did this with 1.7 (bumped to 5.2.4) and
> again with 1.12 (bumped to 5.2.<latest at the time>). Additionally, as
> others noted in the thread, if you are "stuck" with an LTS server
> edition, typically you are also pinning to specific ZF versions long
> term as well, as it's part of your release process.
>
> While I am aware this will displease some of you, we cannot please
> everyone, and we have some very real issues in the code base that
> require fixes introduced starting in 5.3.9. Considering that we are in
> the last few months of security releases for the 5.3 branch, an
> upgrade to 5.4 or higher is strongly encouraged by the PHP group
> anyways.
>
>
> On Tue, Nov 5, 2013 at 1:34 PM, Matthew Weier O'Phinney
> <[hidden email]> wrote:
>> Hey, all --
>>
>> We're running into a few situations where bumping the minimum required
>> PHP version for ZF2 would be useful; in fact, there's at least one
>> situation where staying with 5.3.3 actually prevents progress on a few
>> issues.
>>
>> The specific issue we have is that, until 5.3.9, PHP did not allow the
>> following:
>>
>>    interface Foo
>>    {
>>        public function send();
>>    }
>>
>>    interface Bar
>>    {
>>        public function send();
>>    }
>>
>>    class FooBar implements Foo, Bar
>>    {
>>        public function send()
>>        {
>>            // do something
>>        }
>>    }
>>
>> Essentially, implementing multiple interfaces that define the same
>> method, using the same signature.
>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>>
>> Having this would allow us to fix a situation with the way translation
>> works across components; not having it means we're stuck with some of
>> those problems.
>>
>> There are other issues as well: ArrayObject has had a lively history
>> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
>> in the object model as well that have been corrected starting in 5.3.7
>> and up.
>>
>> Considering PHP 5.3 has already reached end of life status
>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
>> version seems like "a good idea."
>>
>> My question, then is:
>>
>> - Should we up the minimum required PHP version for ZF2?
>> - If your answer was "no", why not?
>> - If your answer was "yes", what version should become the next
>> minimum supported PHP version? Why?
>>
>> NOTE: we are not announcing that we will up the minimum required
>> version at this time; I'm soliciting feedback so we can make a
>> decision.
>>
>> Thanks in advance!
>>
>> --
>> Matthew Weier O'Phinney
>> Project Lead            | [hidden email]
>> Zend Framework          | http://framework.zend.com/
>> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
>
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Re: Query: Should ZF2 bump the minimum required PHP version?

zburnham
In reply to this post by weierophinney
Will security problems with 2.2 be patched?

> On Dec 6, 2013, at 11:49 AM, Matthew Weier O'Phinney <[hidden email]> wrote:
>
> Hey, all --
>
> I never closed this thread, but will do so now.
>
> ZF 2.3.0 WILL bump the version to at least 5.3.9; we may bump to the
> last 5.3 release version (5.3.27), as that contains the last security
> fixes applied to the 5.3 branch, and distros that provide 5.3 either
> have 5.3.3 or 5.3.latest typically; Zend Server, which should run on
> just about any OS out there, ships 5.3.27 already, and is a viable
> option for upgrade for those whose distros are stuck on older
> versions.
>
> We *DO* have precedence for bumping the minimum required version at
> minor release versions; we did this with 1.7 (bumped to 5.2.4) and
> again with 1.12 (bumped to 5.2.<latest at the time>). Additionally, as
> others noted in the thread, if you are "stuck" with an LTS server
> edition, typically you are also pinning to specific ZF versions long
> term as well, as it's part of your release process.
>
> While I am aware this will displease some of you, we cannot please
> everyone, and we have some very real issues in the code base that
> require fixes introduced starting in 5.3.9. Considering that we are in
> the last few months of security releases for the 5.3 branch, an
> upgrade to 5.4 or higher is strongly encouraged by the PHP group
> anyways.
>
>
> On Tue, Nov 5, 2013 at 1:34 PM, Matthew Weier O'Phinney
> <[hidden email]> wrote:
>> Hey, all --
>>
>> We're running into a few situations where bumping the minimum required
>> PHP version for ZF2 would be useful; in fact, there's at least one
>> situation where staying with 5.3.3 actually prevents progress on a few
>> issues.
>>
>> The specific issue we have is that, until 5.3.9, PHP did not allow the
>> following:
>>
>>    interface Foo
>>    {
>>        public function send();
>>    }
>>
>>    interface Bar
>>    {
>>        public function send();
>>    }
>>
>>    class FooBar implements Foo, Bar
>>    {
>>        public function send()
>>        {
>>            // do something
>>        }
>>    }
>>
>> Essentially, implementing multiple interfaces that define the same
>> method, using the same signature.
>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>>
>> Having this would allow us to fix a situation with the way translation
>> works across components; not having it means we're stuck with some of
>> those problems.
>>
>> There are other issues as well: ArrayObject has had a lively history
>> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
>> in the object model as well that have been corrected starting in 5.3.7
>> and up.
>>
>> Considering PHP 5.3 has already reached end of life status
>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
>> version seems like "a good idea."
>>
>> My question, then is:
>>
>> - Should we up the minimum required PHP version for ZF2?
>> - If your answer was "no", why not?
>> - If your answer was "yes", what version should become the next
>> minimum supported PHP version? Why?
>>
>> NOTE: we are not announcing that we will up the minimum required
>> version at this time; I'm soliciting feedback so we can make a
>> decision.
>>
>> Thanks in advance!
>>
>> --
>> Matthew Weier O'Phinney
>> Project Lead            | [hidden email]
>> Zend Framework          | http://framework.zend.com/
>> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
>
>
> --
> Matthew Weier O'Phinney
> Project Lead            | [hidden email]
> Zend Framework          | http://framework.zend.com/
> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: [zf-contributors] Re: Query: Should ZF2 bump the minimum required PHP version?

weierophinney
Administrator
On Fri, Dec 6, 2013 at 10:53 AM, Zachary Burnham <[hidden email]> wrote:
> Will security problems with 2.2 be patched?

Yes -- we're not abandoning 2.2, we're just bumping the minimum
required PHP version for 2.3 onwards.


>> On Dec 6, 2013, at 11:49 AM, Matthew Weier O'Phinney <[hidden email]> wrote:
>>
>> Hey, all --
>>
>> I never closed this thread, but will do so now.
>>
>> ZF 2.3.0 WILL bump the version to at least 5.3.9; we may bump to the
>> last 5.3 release version (5.3.27), as that contains the last security
>> fixes applied to the 5.3 branch, and distros that provide 5.3 either
>> have 5.3.3 or 5.3.latest typically; Zend Server, which should run on
>> just about any OS out there, ships 5.3.27 already, and is a viable
>> option for upgrade for those whose distros are stuck on older
>> versions.
>>
>> We *DO* have precedence for bumping the minimum required version at
>> minor release versions; we did this with 1.7 (bumped to 5.2.4) and
>> again with 1.12 (bumped to 5.2.<latest at the time>). Additionally, as
>> others noted in the thread, if you are "stuck" with an LTS server
>> edition, typically you are also pinning to specific ZF versions long
>> term as well, as it's part of your release process.
>>
>> While I am aware this will displease some of you, we cannot please
>> everyone, and we have some very real issues in the code base that
>> require fixes introduced starting in 5.3.9. Considering that we are in
>> the last few months of security releases for the 5.3 branch, an
>> upgrade to 5.4 or higher is strongly encouraged by the PHP group
>> anyways.
>>
>>
>> On Tue, Nov 5, 2013 at 1:34 PM, Matthew Weier O'Phinney
>> <[hidden email]> wrote:
>>> Hey, all --
>>>
>>> We're running into a few situations where bumping the minimum required
>>> PHP version for ZF2 would be useful; in fact, there's at least one
>>> situation where staying with 5.3.3 actually prevents progress on a few
>>> issues.
>>>
>>> The specific issue we have is that, until 5.3.9, PHP did not allow the
>>> following:
>>>
>>>    interface Foo
>>>    {
>>>        public function send();
>>>    }
>>>
>>>    interface Bar
>>>    {
>>>        public function send();
>>>    }
>>>
>>>    class FooBar implements Foo, Bar
>>>    {
>>>        public function send()
>>>        {
>>>            // do something
>>>        }
>>>    }
>>>
>>> Essentially, implementing multiple interfaces that define the same
>>> method, using the same signature.
>>> Prior to 5.3.9, this raises an E_FATAL. From 5.3.9 forward, it works.
>>>
>>> Having this would allow us to fix a situation with the way translation
>>> works across components; not having it means we're stuck with some of
>>> those problems.
>>>
>>> There are other issues as well: ArrayObject has had a lively history
>>> of malfunctioning with 5.3 and 5.4, and there are  some odd behaviors
>>> in the object model as well that have been corrected starting in 5.3.7
>>> and up.
>>>
>>> Considering PHP 5.3 has already reached end of life status
>>> (http://php.net/archive/2013.php#id2013-07-11-1), upping the minimum
>>> version seems like "a good idea."
>>>
>>> My question, then is:
>>>
>>> - Should we up the minimum required PHP version for ZF2?
>>> - If your answer was "no", why not?
>>> - If your answer was "yes", what version should become the next
>>> minimum supported PHP version? Why?
>>>
>>> NOTE: we are not announcing that we will up the minimum required
>>> version at this time; I'm soliciting feedback so we can make a
>>> decision.
>>>
>>> Thanks in advance!
>>>
>>> --
>>> Matthew Weier O'Phinney
>>> Project Lead            | [hidden email]
>>> Zend Framework          | http://framework.zend.com/
>>> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>>
>>
>>
>> --
>> Matthew Weier O'Phinney
>> Project Lead            | [hidden email]
>> Zend Framework          | http://framework.zend.com/
>> PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc
>
> --
> List: [hidden email]
> Info: http://framework.zend.com/archives
> Unsubscribe: [hidden email]
>
>



--
Matthew Weier O'Phinney
Project Lead            | [hidden email]
Zend Framework          | http://framework.zend.com/
PGP key: http://framework.zend.com/zf-matthew-pgp-key.asc

--
List: [hidden email]
Info: http://framework.zend.com/archives
Unsubscribe: [hidden email]