Jonathan Billings
2017-Sep-19 18:06 UTC
[CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
On Tue, Sep 19, 2017 at 07:59:00PM +0200, rainer at ultra-secure.de wrote:> With PHP, I try to stay as close to upstream as possible. > If upstream EOLs a version, it's time to upgrade. > > If you want something stable, don't run PHP.Unfortunately, with that philosophy but not much systems management experience, you end up with custom-compiled and local installs of PHP that get no security updates, particularly as you get version lock-in by the web application developers, or when you have a sysadmin move on to a new position or company. I think the statement "If you want something stable, don't run PHP" is a very wise statement though. -- Jonathan Billings <billings at negate.org>
Unfortunately the same can be said about Ruby, RoR, Python etc etc etc. Personally I think it's perfectly reasonable to track Nextcloud upgrades combined with SCL major upgrades once every couple of years. Check life times here: https://access.redhat.com/support/policy/updates/rhscl -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message -----> From: "Jonathan Billings" <billings at negate.org> > To: "CentOS mailing list" <centos at centos.org> > Sent: Tuesday, 19 September, 2017 19:06:55 > Subject: Re: [CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma> On Tue, Sep 19, 2017 at 07:59:00PM +0200, rainer at ultra-secure.de wrote: >> With PHP, I try to stay as close to upstream as possible. >> If upstream EOLs a version, it's time to upgrade. >> >> If you want something stable, don't run PHP. > > Unfortunately, with that philosophy but not much systems management > experience, you end up with custom-compiled and local installs of PHP > that get no security updates, particularly as you get version lock-in > by the web application developers, or when you have a sysadmin move on > to a new position or company. > > I think the statement "If you want something stable, don't run PHP" is > a very wise statement though. > > -- > Jonathan Billings <billings at negate.org> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
rainer at ultra-secure.de
2017-Sep-19 18:43 UTC
[CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
Am 2017-09-19 20:06, schrieb Jonathan Billings:> On Tue, Sep 19, 2017 at 07:59:00PM +0200, rainer at ultra-secure.de wrote: >> With PHP, I try to stay as close to upstream as possible. >> If upstream EOLs a version, it's time to upgrade. >> >> If you want something stable, don't run PHP. > > Unfortunately, with that philosophy but not much systems management > experience, you end up with custom-compiled and local installs of PHP > that get no security updates, particularly as you get version lock-in > by the web application developers, or when you have a sysadmin move on > to a new position or company. >Yep. We've got a lot of those "abandoned" PHP webs that can't be moved because they only run on anything between PHP 4.4 and 5.5 Usually it's Typo3 or so. To move from Typo3 4.3 on PHP 5.3 to PHP 7, you'd have to upgrade to Typo3 6.something on that PHP5.3 host, then move that installation to a PHP 5.5 host, where you could upgrade to Typo3 7 LTS, which you could then move to a PHP 7 host. Obviously, none of the custom extensions and a lot of "hacks" would survive even the first upgrade/move - and thankfully usually everybody is sane enough to even think about doing that. You'd have to start from scratch, which would cost the customer real money (would have to pay some agency to re-design the website), so it never gets done. This is especially true for customers from the hospitality sector, which are especially stingy for any kind of expenditures. Because, as everybody can see, the website still runs and as such it does not need an upgrade.> I think the statement "If you want something stable, don't run PHP" is > a very wise statement though.PHP is not stable in the same sense as RHEL 7 is stable. On RHEL, it's sort-of stable - but only for a rather small amount of PHP modules. And as such, it's not (IMO) useful for anything but legacy stuff that you can't move or upgrade.
Valeri Galtsev
2017-Sep-19 19:02 UTC
[CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
On Tue, September 19, 2017 1:42 pm, Nux! wrote:> Unfortunately the same can be said about Ruby, RoR, Python etc etc etc.It is not as much true about languages themselves (though it is true, and I for one call python "sneaky snake" just because of that ;-), as about how the software using these languages is written. E.g. well known mailman. I never had it give me any trouble wherever I have/had it installed, even though it is written in "sneaky snake" (python). This is example of brilliantly written software! So, all these incompatibilities and upgrade trouble, or rather absence of thereof, is about how well the programmers have written their code. Namely, whether they use only fundamental abilities of the language which are unlikely to change for long time, or chase after one day fancy features that tend to evaporate quickly, or get transformed soon. I probably should have put "rant" tags... or maybe shouldn't. Valeri> > Personally I think it's perfectly reasonable to track Nextcloud upgrades > combined with SCL major upgrades once every couple of years. > > Check life times here: > https://access.redhat.com/support/policy/updates/rhscl > > -- > Sent from the Delta quadrant using Borg technology! > > Nux! > www.nux.ro > > ----- Original Message ----- >> From: "Jonathan Billings" <billings at negate.org> >> To: "CentOS mailing list" <centos at centos.org> >> Sent: Tuesday, 19 September, 2017 19:06:55 >> Subject: Re: [CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version >> dilemma > >> On Tue, Sep 19, 2017 at 07:59:00PM +0200, rainer at ultra-secure.de wrote: >>> With PHP, I try to stay as close to upstream as possible. >>> If upstream EOLs a version, it's time to upgrade. >>> >>> If you want something stable, don't run PHP. >> >> Unfortunately, with that philosophy but not much systems management >> experience, you end up with custom-compiled and local installs of PHP >> that get no security updates, particularly as you get version lock-in >> by the web application developers, or when you have a sysadmin move on >> to a new position or company. >> >> I think the statement "If you want something stable, don't run PHP" is >> a very wise statement though. >> >> -- >> Jonathan Billings <billings at negate.org> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Reasonably Related Threads
- [OT] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
- CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
- CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
- CentOS, PHP & OwnCloud/Nextcloud: the version dilemma
- CentOS, PHP & OwnCloud/Nextcloud: the version dilemma