* Manuel Lemos <mlemos@xxxxxxx>: > Hello, > > on 12/16/2004 01:27 AM Greg Donald said the following: > > > >I have all kinds of old software that doesn't work anymore. > > >That is because you changed the environment on which it was working. > > > > Exactly my point. I don't control when M$ depricates their operating > > systems. I don't control when my favorite Linux distro upgrades their > > glibc. You have to upgrade at some point or be vulnerable to the > > security issues that follow. > > > >The point is that if you do not need to use the latest version, just > > >stick to the one you have and works for you. > > > > Well, I'm not gonna run windows 95 just to play Afterlife. > > The point is that old software versions that work on old environment > versions do not need you to upgrade the environment version even the > vendor deprecates the old version. While you think that newer versions > will not have old bugs that probably were not affecting you, chances are > that newer versions have newer bugs that may break your applications, > especially if you upgrade right after those new versions are released. Greg's point is that sometimes you *must* upgrade because the "old", possibly unnoticed bugs create may security vulnerabilities that you can't live with. If a library your application depends on (and that library could be PHP) has a security flaw that could allow permission escalation, for instance, and a patch exists for it, you'd be crazy or stupid not to perform the upgrade. If the upgrade breaks the application that depends on it... well, that's why we're coding in PHP, right? So that we have the freedom to fix these things, instead of relying on vendors. (Man, I love OSS!) You *do* make valid points about making needless upgrade -- if no security vulnerabilities exist, the application works fine, and you don't need features from the new version, there really is no reason to upgrade. But when a security vulnerability *does* exist, and it *could* affect your application, you've got another issue entirely on your hands. The trick is learning to distinguish between the two. -- Matthew Weier O'Phinney | mailto:matthew@xxxxxxxxxx Webmaster and IT Specialist | http://www.garden.org National Gardening Association | http://www.kidsgardening.com 802-863-5251 x156 | http://nationalgardenmonth.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
