[PLUG] Joe Jobbed

Ronald Chmara ron at Opus1.COM
Thu Oct 11 04:20:42 UTC 2007


On Oct 10, 2007, at 7:12 AM, Brent Rieck wrote:

> Ronald Chmara wrote:
>> #php -v
>>
>> If you're not at 5.2.4 (or a patched equivalent), you're running bad
>> code, with literally *thousands* of security and stability patches
>> omitted.
>
> They fixed *thousands* of things in between versions 5.2.3 and 5.2.4?

One quick-and-dirty metric (hey, how many lines would a unified patch  
be?):
Ronald-Chmaras-Computer:~/Desktop rchmara$ diff -u -r php-5.2.3 php-5.2.4 | wc -l
   145730

Only ~145 thousand lines of code (and context) to peruse, in case you  
want to manually backport it.

The php codebase changes *fast*. A hundred or so regular developers  
here, a thousand contributors there (PHP has 1221 currently active  
project members), and pretty soon, you're talking about some fairly  
frequent code changes. (There's a reason the whole thing is checked  
out, rebuilt, and re-tested every 2 hours, 24 hours a day...) Often,  
fixing one bug will uncover a few more, or *create* a few more, and  
thus, a simple one-line patch can balloon into a series of 20-30 new  
patches, or a major refactoring project.

So, every so often, somebody will suggest wrapping the latest batch  
of documented bug fixes, or publicly incrementing to highlight a  
critical fix/change/security issue/whatever, and a "Release  
Candidate" is born, and if it's tested clean, will go live.

The most minor version number used by PHP, IOW, can be for a few  
lines of fixing (as has happened)..... or for a 50K LOC change.

So yes, thousands of patches in some cases, 1 patch in other cases.

-Bop


