#22418 php 5.3.x support

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by nicholas on Wednesday, 08 April 2015 01:46 CDT

freebandtech
Just a quick note to let you know that PHP 5.3.10 is still supported on Ubuntu 12.04 LTS and will continue to receive security updates all the way until 2017, when the version of the OS reaches end of life.
The message that appears on the AB dashboard is, therefore, a tad misleading.

Sources:
http://www.ubuntu.com/usn/usn-2535-1/
https://wiki.ubuntu.com/LTS

nicholas
Akeeba Staff
Manager
PHP 5.3.10 was made End Of Life by its developers in August 2014. This means that the people developing PHP do not provide any security patches for PHP, therefore there is nothing for Ubuntu to include in later versions. Also note that unofficial backported security patches are

a. not always possible, leading to vulnerabilities left behind in your version of PHP; and

b. might introduce subtle bugs as they have not gone through the same development, vetting, testing and auditing process that regular PHP patches go through.

As a result what you will end up with is NOT PHP 5.3.10, it's a different language executable which cannot be possibly supported. Furthermore, what you end up with is still insecure, outdated and obsolete.

Finally, do note that we still offer security updates for our older versions. We only get an average of one security incident every 2.5 years, that's why you might have not noticed. Last August we did provide security updates even to our Joomla! 1.5 software which was EOL for nearly two years at the time. Again, as I have explicitly stated in the article regarding PHP 5.3 support, you can STILL use our OLD and UNSUPPORTED versions which receive security updates on an as-needed basis.

We CANNOT and WILL NOT guarantee that we can provide such updates for eternity because the requirement for providing any kind of update is being able to test it. For the reasons I painstakingly explained in the article we might NOT be able to test updates against PHP 5.3 in the not-so-distant future. I do think that until 2017 we will still be able to test against PHP 5.3 using obsolete versions of our test servers' virtual machines. Beyond that point things get really, really hairy. For example, I can no longer use the virtual machine which hosted our Windows XP / PHP 5.2 / Joomla! 1.5 testing environment. This means that I can no longer provide updates to our Joomla! 1.5 software since its second most popular environment is now untestable.

In theory I could keep an army of old computers at hand, each one running various degrees of outdated software. But this has a huge cost for hardware, setting up new machines, space occupied (floor space of the cool, dry, free of moisture kind does cost), regularly testing to see if they still fire up etc. If that brought in money I'd be willing to do that. But since it's something which bleeds money I'd rather stop supporting PHP 5.3 sometime in the not-so-distant future.

So, for Pete's sake, upgrade your servers sometime in the next 12 months. You don't HAVE to use a pre-packaged version of extremely outdated PHP. Compiling it yourself is trivial. What's more, you can have multiple PHP versions run side by side. Your self-compiled versions will be up-to-date and more secure, the built-in, pre-packaged PHP 5.3.10-patchwork-of-hacks version will be severely outdated and insecure. I really don't see what's the big deal. In the time it took me to write this reply you could have compiled FOUR versions of PHP and set them up, simply by using the PHP builder script in the Vagrant box I linked to from my article on PHP support!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

freebandtech
Not sure if the good people at Canonical would agree with you :)
A particular iteration of a distro (or any other complex software collection) is made LTS for a reason: so that it can last without breaking. That is my chief concern, overly cautious as it may seem.
So far I haven't seen any PHP security issue unaddressed in the 12.04 branch, which, as I noted, is valid until 2017.

Of course I could either compile a newer PHP version or even fetch binaries from a PPA, but that would bring some maintenance hassle I'm not willing to go through (been there when I didn't know better).
I, for one, do not find compiling from source practical at any level, optimised as the outcome certainly is... can be quite a nightmare down the road, unless the whole system is compiled from source files, a la Gentoo or T2.
The purpose of my ticket was simply to let you know that PHP 5.3.10 packages will be supported in the official Ubuntu 12.04 repos for a couple of years more (don't quite agree with your assessment on this front, sorry; all I care about is to keep the environment secure and in working order, no matter how obsolete and unfashionable; until the LTS reaches end of life).

In any event, I will take all the necessary measures to keep your superlative extensions running, if need be. Particularly if either AB or AT stop working on PHP 5.3.10 altogether.
Some servers I am in charge of already run PHP 5.5 and 5.6, therefore I should not worry about incompatibilities with your products on those... at least for the time being, that is.

Last but not least, thanks for the thorough reply.
Bottom line, you ought to make tough choices in such a diverse plethora of systems, platforms, settings, versions, customisations and so forth. Completely understandable.

nicholas
Akeeba Staff
Manager
I've also seen Citroën 2CV on the street. They're still street legal. Does that make them as safe or efficient to drive as a modern car? Same with PHP 5.3 on a live site. It looks good, until you realise that it's slow, inefficient and any crash will be fatal.

This conversation is finished. We are NOT going to test our software against PHP 5.3 starting this June. If it still works, fine. If it doesn't, you have been warned. Please note that you have been warned to upgrade since April 2015.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
