Hi php 5.5 is still probly years from being minium in mediawiki due to so many users use php 5.3 and 5.4. It would be a bigger impact on mediawiki then when we switch to 5.3 from the prevous minium of 5.2. On Sunday, 19 July 2015, 15:15, Bryan Davis <bd808(a)wikimedia.org> wrote: On Sun, Jul 19, 2015 at 4:35 AM, bawolff <bawolff+wn(a)gmail.com> wrote: Some WMF production hosts are still on PHP 5.3.10 so as Tim pointed out last spring [0] we shouldn't drop 5.3 support until after the entirety of the WMF server fleet are all switched over to HHVM or at least a newer version of PHP5. Aaron's patch probably needs to be either reverted or amended to remove the incompatible change. I'd really like us to switch to PHP 5.5 as the minimum supported version sooner rather than later but as I once heard on irc, it would be a bit inconvenient if Wikimedia could not run MediaWiki. [0]: http://www.gossamer-threads.com/lists/wiki/wikitech/436441#436441 -- Bryan Davis              Wikimedia Foundation    <bd808(a)wikimedia.org> [[m:User:BDavis_(WMF)]]  Sr Software Engineer            Boise, ID USA irc: bd808                                        v:415.839.6885 x6855 _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

On 19 July 2015 at 19:41, Stas Malyshev <smalyshev(a)wikimedia.org> wrote: If this is all their host provides, however, this will in practice lead only to never-updated MediaWiki running on never-updated PHP. - d.

On 20 July 2015 at 17:03, Greg Grossmeier <greg(a)wikimedia.org> wrote: What I'm answering is the proposal that removing support for PHP 5.3 will motivate the user to upgrade their PHP, when that isn't the case. I recall this has been the conclusion reached on this list previously - that this will cause problems for MW out in the world, and gain it an unwarranted reputation for insecurity as un-upgradeable installations get pwned. Thus, if newer MW still supports older PHP, this results in less pwned MW. The balance is up to you, of course. - d.

Just as a counter-argument (and, to be clear, I do support raising our minimum version), just because PHP has EOL'ed a version does not mean that some distributions (esp. Debian, Ubuntu) are not providing additional support and security updates. If I remember from the last time we had this discussion, it will still be a couple more months before PHP 5.3 is no longer supported by most major distros, and it will be a while before 5.4 is no longer supported. --  Tyler Romeo https://parent5446.nyc 0x405D34A7C86B42DF

On Tue, Jul 21, 2015 at 2:44 AM, Moritz Muhlenhoff <mmuhlenhoff(a)wikimedia.org> wrote: https://wikiapiary.com/w/index.php?title=Special:SearchByProperty&limit… is also something to keep in mind --bawolff

One thing I forgot to mention: while you're considering Debian and Ubuntu support, make sure to also take into account MediaWiki support. Even if we upgrade our minimum PHP version now, older versions of MediaWiki with the 5.3 requirement will still be supported and receive security updates. So the only difference will be that people running Debian oldstable will be locked into our older version and not be able to upgrade to bleeding edge MediaWiki, which they probably won't do anyway considering they haven't even upgraded their Debian. :P --  Tyler Romeo https://parent5446.nyc 0x405D34A7C86B42DF

On Tue, 21 Jul 2015 22:22:41 +0200, Gergo Tisza <gtisza(a)wikimedia.org> wrote: Indeed, I think this is a very good argument. Do we want to do this now? Or do we want to fix the accidentally broken 5.3.3 compatibility for now, and then intentionally break it in a few months? Should the upcoming MediaWiki 1.26 release be compatibly with 5.3.3? -- Bartosz Dziewoński

Hi! It may not motivate them to upgrade their PHP if their hosting can not provide that, but it will motivate them to upgrade their hosting, if the hosting refuses to upgrade their PHP. Hosting is so commoditized now that I don't believe one can't find a dozen of PHP hosters literally in seconds. And most hosters already support multiple PHP versions anyway. I have hard time buying this argument. If it were true, the strategy of doing version upgrades and phasing out old version support would not survive, or at least would be very rare among software vendors, while in fact most software platform vendors are doing exactly that - phasing out old versions and requiring upgrading to new versions, all the time, both in open source and proprietary world. Yet I don't remember any of the vendors gaining reputation of particularly insecure product because of such upgrade strategy. I do not see why MW would be an exception. I think most people that have business talking about security and evaluating which product is secure and which is not can distinguish the case of product being flawed from the case of somebody running an ancient version of the software and never upgrading. Maybe I'm too optimistic, but I also think solving an education problem by never educating and staying on ancient versions out of fear that uneducated FUD may hurt our reputation does not sound like a winning strategy for me. -- Stas Malyshev smalyshev(a)wikimedia.org

side note: How come php 5.3.3 support broken accidentally? Isn't Jenkins script validates compatibility with the min php? :) On Wed, Jul 22, 2015 at 9:36 PM, Krinkle <krinklemail(a)gmail.com> wrote:

On Wed, 22 Jul 2015 22:18:57 +0200, Eran Rosenthal <eranroz89(a)gmail.com> wrote: We run unit tests, but on PHP 5.3.10, according to the console output. (For example https://integration.wikimedia.org/ci/job/mediawiki-phpunit-zend/6594/consol…) (Also, that only catches incompatibilities in code that has unit tests. ;) I've ran into 5.3 compat breakages in the past when I added new features with tests, that used some existing code without tests.) -- Bartosz Dziewoński

On Thu, 23 Jul 2015 12:19:13 +0200, bawolff <bawolff+wn(a)gmail.com> wrote: Yes, it does. (For posterity, my example was commit 5042d260ce5190cce0c325b7cb5b618b3cff73bc, which fixed 5.3 compat breakage caught by 5ed35b04c99abbd7a8d015402f359c7002c491eb, a regression from aa00a3e8384a87430f82739507e09bb74c6b40ec. All three commits in this case were my own.) -- Bartosz Dziewoński