[PLUG] Joe Jobbed
Ronald Chmara
ron at Opus1.COM
Thu Oct 11 04:20:42 UTC 2007

On Oct 10, 2007, at 7:12 AM, Brent Rieck wrote:
> Ronald Chmara wrote:
>> #php -v
>>
>> If you're not at 5.2.4 (or a patched equivalent), you're running bad
>> code, with literally *thousands* of security and stability patches
>> omitted.
>
> They fixed *thousands* of things in between versions 5.2.3 and 5.2.4?

One quick-and-dirty metric (hey, how many lines would a unified patch
be?):

Ronald-Chmaras-Computer:~/Desktop rchmara$ diff -u -r php-5.2.3 php-5.2.4 | wc -l
145730

Only ~145 thousand lines of code (and context) to peruse, in case you
want to manually backport it.

The php codebase changes *fast*. A hundred or so regular developers
here, a thousand contributors there (PHP has 1221 currently active
project members), and pretty soon, you're talking about some fairly
frequent code changes. (There's a reason the whole thing is checked
out, rebuilt, and re-tested every 2 hours, 24 hours a day...) Often,
fixing one bug will uncover a few more, or *create* a few more, and
thus, a simple one-line patch can balloon into a series of 20-30 new
patches, or a major refactoring project.

So, every so often, somebody will suggest wrapping the latest batch
of documented bug fixes, or publicly incrementing to highlight a
critical fix/change/security issue/whatever, and a "Release
Candidate" is born, and if it's tested clean, will go live.

The most minor version number used by PHP, IOW, can be for a few
lines of fixing (as has happened)..... or for a 50K LOC change.

So yes, thousands of patches in some cases, 1 patch in other cases.

-Bop