defuse/php-encryption

Publishing Releases - Build on PHP 5 and PHP 7

paragonie-scott opened this issue · 4 comments

https://github.com/defuse/php-encryption/blob/master/docs/InternalDeveloperDocs.md#publishing-releases

Related to #433, we should produce two versions of the Phar and sign them both:

  • defuse-crypto.phar is the preferred (default), which was built on PHP 7
  • defuse-crypto-php5.phar should be built on PHP 5 (so Composer resolves random_compat v2 instead of random_compat v9, which makes it actually bundle the polyfill)

Can we remove support for PHP 5 or would that be suicide for this library? It's been EOL for over a year and even Debian oldstable has PHP 7 at this point. PHP 5 is rarely used among Composer users as well.

The EOL is important since I think that webmasters are self-responsible if they continue to run outdated software for many years. However, the life of PHP 5.6 ended on December 31, 2018, which is not so long ago. This is only a personal feeling, but I think we should keep compatibility until December 31, 2020.

Moreover, the statistics of WordPress say that still 35.1% of the servers which are running WordPress use PHP 5.X. That is enormous and, by the way, it astonishes me a little bit.

Yikes, that's not good for the PHP ecosystem. I think we'll have to continue supporting 5.6 for a bit. Thanks!

Ah shit the .phar in the release I just put out is probably broken for PHP 5 lol.

I'm going to close this by saying anyone still on PHP 5 can keep using the older version's .phar. If there are actual security vulnerabilities found then I will make a PHP5-compatible phar.

I hope everyone is using Composer by now.