[imp] All my PGP signed messages marked as BAD

Simon Wilson simon at simonandkate.net
Sun Jun 9 12:48:35 UTC 2013


>> Quoting simon at simonandkate.net:
>>
>>>> You wouldn't happen to be using an old version of PHP, are you?   
>>>> Like  PHP 5.3.3?
>>>>
>>>> stream_get_contents() is buggy in older versions of PHP, IIRC.
>>>>
>>>> michael
>>>>
>>>
>>> Centos 6.4, PHP 5.3.3.
>>>
>>> I'd imagine there would be quite a few still running 5.3.3?  
>>> Particularly as it is the packaged version on RH and derivatives...
>>
>> See the previous discussion on this topic in the list archives.   
>> Namely: just because your distribution uses a certain version of a  
>> code interpreter (i.e. PHP), that does not mean you are locked to  
>> that version.  There are all sorts of 3rd party options.
>>
>> At this point, if you are still running something like PHP 5.3.3  
>> almost 3 years after its release, that is a security risk. (Vendor  
>> specific "security patches" do NOT provide adequate support.)   
>> There have now been **23** additional bug/security fixes since  
>> 5.3.3, and that doesn't account for the fact that PHP 5.4 was long  
>> ago released and is stable, and PHP 5.5 is now in the RC stages.
>>
>> Additionally, as mentioned before, we support the PHP 5.3 **API**,  
>> not the actual distributed version of PHP 5.3.0 itself.  Our  
>> documentation doesn't make this distinction because it would be  
>> confusing to most users.
>>
>> So obviously there is something wrong with the way  
>> stream_get_contents() works on these ancient releases.  I'll have  
>> to find a workaround, but this is not a high priority since there  
>> is nothing wrong with the code itself.
>>
>> michael
>>
>
> Thanks Michael, and understood.
>
> Your git commit at  
> https://github.com/horde/horde/commit/6a108ab40cbabbbf9a9b7e77d7fee21554c2784d seems to resolve  
> btw.
>
> Simon.
>

Using the IUS repo I can fairly simply upgrade to 5.3.25, or to  
5.4.15, and still be within a repo-based RPM environment. Both  
versions were released May 2013.

Question though, what effect does that have on all the pear and pecl  
modules that are installed? I imagine if I stick within php 5.3  
probably not much? But what about if I go to php 5.4?

I don't want to break things just because I don't understand the  
relationship between installed pear and pecl modules, with the  
system's version of PHP.

Simon.



--
Simon Wilson
M: 0400 12 11 16
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 1339 bytes
Desc: PGP Public Key
URL: <http://lists.horde.org/archives/imp/attachments/20130609/52e01d5d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: PGP Digital Signature
URL: <http://lists.horde.org/archives/imp/attachments/20130609/52e01d5d/attachment-0001.bin>


More information about the imp mailing list