[wp-trac] [WordPress Trac] #33381: Strategize the updating of minimum PHP version.
WordPress Trac
noreply at wordpress.org
Fri Apr 15 20:01:10 UTC 2016
#33381: Strategize the updating of minimum PHP version.
--------------------------------------------------+-----------------------
Reporter: alexander.rohmann | Owner: jorbin
Type: enhancement | Status: assigned
Priority: normal | Milestone:
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-codex dev-feedback 2nd-opinion | Focuses:
--------------------------------------------------+-----------------------
Comment (by jdgrimes):
Replying to [comment:71 jorbin]:
> I think that what we need to do here is not solve this for the short
> term, but come up with a long-term policy for versions of PHP that we
> support. This will help prevent this discussion from constantly coming
> up. While it is about php 5.2 right now, it was about php 4 before and
> one day it's going to be about the entire php 5 release branch. In a far
> off world, it's going to be about PHP 7. Let's fix it all now.
I absolutely agree. This is exactly what I (and others too) have been
advocating above. Thank you for "owning" this discussion. :-)
> 1) If we update too early, we leave users running both an insecure
> version of PHP and an insecure version of WordPress. That's a lot of
> surface area for attacks.
This is true, however, as long as we continue to push out security updates
for older versions of WordPress (back to 3.7), this is really not much of
an issue. Just because they can't update WordPress doesn't mean that they
won't receive automatic security updates. (Unless they are running a
version before 3.7, in which case they are already insecure.)
> 2) Most people who run a WordPress site don't know what PHP is, let
> alone what version they are running. Telling many of them they need to
> update PHP is roughly equivalent to telling a whale to walk on land.
This is the part that some of us are having trouble comprehending. (We're
developers, after all!) But I'm sure it is true for many users, and as far
as I can see it is the biggest issue that we have: there is no easy way to
do this without involving the user in something that they really don't
understand (and shouldn't have to on the modern web, IMO). I guess maybe
we really need some creative ideas here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33381#comment:72>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform