Sylius: [RFC] Dropping support for PHP 5.5
Hello!
As PHP 5.5 loses the security support on 10 Jul 2016, we need to consider whether Sylius should support it longer than that.
Supporting PHP 5.5 requires us to check every commit against it, which results in longer feedback cycle (especially now, while there are single components and bundles tested too). It also prevents us from using awesome, new features like variadics or constant expressions.
IMHO Sylius as a project should enforce some good practices - dropping support together with PHP security updates is one of them. Personally I'd like to support only PHP 7, but we also need the people that uses the project :)
We must have in mind that when Sylius hits 1.0, we will have to support the minimal PHP version until 2.0 comes.
Moreover, PHP 5.6 is LTS version (security support ends up on 31 Dec 2018) and PhpSpec 3 will require at least that one.
So, the question is: Should we support PHP 5.5 after the PHP drops security support for it or should we go for PHP 5.6?
pamil
All 13 comments
5.6+, using 7 here.
peteward
on 21 Mar 2016
There are very few BC breaks between 5.5 and 5.6 so i'm totally :+1: on 5.6+
Using 7 here aswell
okwinza
on 21 Mar 2016
I use 7 too. I think a lot of people are using PHP7 since it is such a big change with a lot of benefits. Maybe you could even consider 7+.
koemeet
on 21 Mar 2016
5.6+, using 7 here.
Same for us
tristanbes
on 21 Mar 2016
I think we should do 5.6 and 7.0, release beta and see then whether final 1.0 will be 5.6+ or 7.0+.
pjedrzejewski
on 21 Mar 2016
5.6+, using 5.6 :smiling_imp:
I think the lower is quite appreciable, even more when they are LTS (as the same for symfony version in sylius, mentioned in #3564 )
The only reason for me to bump to an higher version will be some criticals functions not availableon lower and that could increase significantly perfomances or code readability.
Niiko
on 21 Mar 2016
For me this is kinda "too fast"...
Pros:
- new features etc.,
- "more security" & stability with extended support,
Cons:
- Symfony 3 will support 5.5.9+,
- no real usage in code of new features (those two mentioned are nice, but for sure not a "must have" that forces to drop this PHP version),
- did we really faced any issue that exists already on 5.5.9 & is fixed only at 5.6+ ?
stloyd
on 21 Mar 2016
As for Symfony supporting 5.5.9+, it shouldn't be our concern as our ^5.6|^7.0 requirements will still be satisfied.
The new features will only be the side effect, the real profit here is that we can grow more stable code on still supported platform and do not worry about security bugs. Moreover, the Travis builds will take 40% less time, which will let us receive the feedback faster and test the code even more (there are some bottlenecks in the afternoon hours, we're committing way too much :tada:).
There weren't any issues specific to PHP 5.5, but the tooling we are using is releasing the new versions with similar requirements - PhpUnit 5, PhpSpec 3.
pamil
on 21 Mar 2016
Moreover, the Travis builds will take 40% less time, which will let us receive the feedback faster and test the code even more
The time of a build is not a valid argument to drop the support of a version ;)
I tend to agree with @stloyd.
The real and only question imvho is about hosting providers. Do the vast majority support PHP5.6? If they run with Debian/Ubuntu latest stable releases, then no problem, you can drop the PHP5 support. I have no idea about that.
Also, when do you target a stable version? Maybe this change should be done during the stable release and we could stay like this during the beta. My 2 cents.
Keep going Sylius team, you rock :)
jjanvier
on 21 Mar 2016
:+1: for droping support. I think there should be something like a release documentation when a php version should be dropped like phpunit [1] and typo3 [2] has.
Platform support
When selecting the new minimum system requirements for a next major version, the following is taken into consideration:
- Benefits when rising minimum requirements for developers and system administrators (usage of new features).
- Considerations of the whole lifespan of the product, meaning keeping the minimum requirements for the next four years, and considering the effort to backport to older versions by then.
- Release schedule and maturity from upstream packages (i.e. PHP, MySQL)
- Current technical availability of the upstream packages for major distributions (Debian, Ubuntu, CentOS, RedHat) as well as development environments (Xamp, Homebrew, etc)
Considering support on hosting platforms @jjanvier IIRC Sylius is not intended to be used on standard web space hosting and needs at minimum a vServer/dedicated SSH access it's not a problem to drop the support. Only the availability of the version in current supported mainstream distributions is a big criteria. See http://phpversions.info/operating-systems/
It's good to prevent installations on insecure PHP versions, otherwise there will always be a percentage of users too, which blame the project if their system got hacked because of insecure PHP or webserver..
1: https://github.com/sebastianbergmann/phpunit/wiki/Release-Process#php-version-requirement
2: https://typo3.org/teams-committees/core-development/resources/release-lifecycle/ section Platform Support
EmiiKhaos
on 21 Mar 2016
Thanks for the link @patkar, very useful :)
jjanvier
on 21 Mar 2016
5.6+, tag before dropping 5.5.
umpirsky
on 21 Mar 2016
Given the following factors:
- The duration Sylius has been in development for.
- How long Sylius 1.0 will likely be supported for.
- The new lifecycle of PHP versions.
It would make sense to both drop non Active Support versions before a 1.0 release, and to support a minumum version of 5.6 which has longer term support than other versions of PHP.
adamelso
on 22 Mar 2016
Related issues
stefandoorn
路
3Comments
tchapi
路
3Comments
bnd170
路
3Comments
xleliberty
路
3Comments
foxou33
路
3Comments
Most helpful comment
5.6+, tag before dropping 5.5.