Page 1 of 12

[Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 7:47 pm
by naderman
Please use this topic to discuss the phpBB Release, Security and Support Plan announcement.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 8:06 pm
by Khaos-Rage
I like this but I'm sure some people may be concerned about 3.0 support ending in May, but 8 years is a long time to support and patch software.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 8:08 pm
by Swanny
How major are these 3.2 and 3.3 releases? The timeline seems aggressive compared to recent years where the phpBB updates were minimal. I have many forums and it's a lot of work to upgrade to 3.1.x. Backups, testing, tweaking colors, etc.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 8:39 pm
by koraldon
A couple of question -
A) will minor versions require a simple update, such as 3.1.2 -> 3.1.3, or a migration like 3.0->3.1?
B) will there be b/c for extensions and styles between minor versions?

For joomla minor versions keep b/c and it is easy to update, so the schedule is good.
But if it is like going from 3.0->3.1, that's bad - I don't want to update the style and the whole board every 18 months. A sensible period should be 3-4 years of no need for major upgrades.,

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 8:43 pm
by Dannie*
I hope that the codes and editions can't change a lot when someone pass from 3.1 to 3.2, phpBB have lot of problems with extensions and mods when you pass from 3.0 to 3.1

Really?, lot of people are creating extensions for 3.1 knowing that in 2015/Nov 3.2 will be released and they should edit all again.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 8:49 pm
by Khaos-Rage
koraldon wrote:A couple of question -
A) will minor versions require a simple update, such as 3.1.2 -> 3.1.3, or a migration like 3.0->3.1?
B) will there be b/c for extensions and styles between minor versions?
I would think now that most of the code has been updated for the symfony framework, It wouldn't be like upgrading from 3.0 to 3.1, it would be easier.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Sun Mar 08, 2015 9:55 pm
by KevC
Khaos-Rage wrote:I like this but I'm sure some people may be concerned about 3.0 support ending in May,
That's not what the announcement says.

Support will not end in May. Production of bug fix versions will. To be honest, there haven't been many (or any) critical bugs that affect every day use for a long time.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 1:14 am
by DavidIQ
Dannie* wrote:I hope that the codes and editions can't change a lot when someone pass from 3.1 to 3.2, phpBB have lot of problems with extensions and mods when you pass from 3.0 to 3.1

Really?, lot of people are creating extensions for 3.1 knowing that in 2015/Nov 3.2 will be released and they should edit all again.
That is an incorrect assumption/statement. We basically killed MODs with 3.1 but extensions aren't dead with 3.2 and beyond and should not require a whole lot of changes, if any are required at all, to work with future versions.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 3:24 am
by CarpCharacin
DavidIQ wrote:
Dannie* wrote:I hope that the codes and editions can't change a lot when someone pass from 3.1 to 3.2, phpBB have lot of problems with extensions and mods when you pass from 3.0 to 3.1

Really?, lot of people are creating extensions for 3.1 knowing that in 2015/Nov 3.2 will be released and they should edit all again.
That is an incorrect assumption/statement. We basically killed MODs with 3.1 but extensions aren't dead with 3.2 and beyond and should not require a whole lot of changes, if any are required at all, to work with future versions.
so if i have a 3.1 board with a lot of extensions installed, does that mean i could upgrade 3.2 once it is released and everything would still work?

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 9:15 am
by AmigoJack
This at least explains why all my tickets for 3.0 which sat there unfixed for years have been shifted to 3.1, without also adding a fix for 3.0: the work won't "pay off" for the remaining 2 months.

Well, there goes a great product. I'm disappointed by the way phpBB has chosen:
  1. The trigger check is so not being optimized for performance.
  2. While the trigger/extensions approach works for reducing (core) file changes, it is ill-conceived: you can have snow ball effects (extension code by one trigger can (re)match dozens of other triggers without hinting there's no need to (re)match anything else); just adding more hook points will never fully cover all needed cases, not to speak of preventing phpBB code lines from being executed (conditional jumps); ...
    In the end the question comes up why phpBB doesn't use triggers itself and surprisingly it turns out that not everything can be solved by adding trigger hooks.
  3. Relying on external frameworks comes with relying on bugs/threats on that external software. Is this the reason why the phpBB release dates are the same as for Symfony?
  4. The code has become less traceable because of auto-loading classes and configuration files - calling debug_backtrace() is not always a help.
I understand that directly modifying PHP files has its own disadvantages, but the hooking technique is flawed aswell and is just in the way for those who know what they do upon manipulating PHP files.

Closing forums should not be done, as then those who still use those versions are not able to announce found security holes and/or patches for issues anymore - unrelated to if that version is not supported by the team anymore.

Oh, and finally I'm not a friend of redundancy:
naderman wrote:End of Maintenance - End of Maintenance means
That's just as pointless as code comments like

Code: Select all

/**
* This function determines ...
* The function determines ...
* The function uses ...
* The function sets ...
Are most people really needing this? Do I belong to a minority to be able to associated code comments to the very next code (the function) or explanations to the previously named header?

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 1:38 pm
by DavidIQ
CarpCharacin wrote:so if i have a 3.1 board with a lot of extensions installed, does that mean i could upgrade 3.2 once it is released and everything would still work?
In theory, yes. There might be some needed changes, especially if there are major style changes, but the underlying architecture that makes extensions work, including event existence and locations, should go unchanged from 3.1 forward.

The one likely exception to this is if an extension is relying heavily on the legacy functions, which will obviously be removed from the core product at some point. Extension authors do well in moving away from using those functions, i.e. request_var() and some other functions, and using the available classes that perform the same actions. I don't think I've seen much of this however.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 1:54 pm
by Sajaki
Currently the planned schedule is as follows:
(snip)
May 2015 - 3.0.x End of Maintenance
Nov 2015 - 3.0.x End of Life, 3.2.0 Release
I find this abit soon considering that alot of people haven't even started looking at 3.1 (myself included).

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 2:17 pm
by nickvergessen
Sajaki wrote:
Nov 2015 - 3.0.x End of Life, 3.2.0 Release
I find this abit soon considering that alot of people haven't even started looking at 3.1 (myself included).
Please have a look at the explanation what this means, aswell as:
KevC wrote:
Khaos-Rage wrote:I like this but I'm sure some people may be concerned about 3.0 support ending in May,
That's not what the announcement says.

Support will not end in May. Production of bug fix versions will. To be honest, there haven't been many (or any) critical bugs that affect every day use for a long time.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 2:35 pm
by P_I
In theory the concept makes a lot of sense and seems to follow existing models, such as MediaWiki's Version lifecycle.

Given the breakpoint between phpBB 3.0 and 3.1 and the inevitable lag to build up the extension and styles ecosystem, I'm wondering if the gap between 3.1 and 3.2 is a bit too close.

What seems to be missing for me is a feature roadmap that describes what to expect in 3.2, 3.3, etc. I've done a bit of digging around in area51 and it isn't clear what are the feature drivers for phpBB 3.2 and beyond.

Re: [Discuss] phpBB Release, Security and Support Plan

Posted: Mon Mar 09, 2015 2:48 pm
by nickvergessen
P_I wrote:Given the breakpoint between phpBB 3.0 and 3.1 and the inevitable lag to build up the extension and styles ecosystem, I'm wondering if the gap between 3.1 and 3.2 is a bit too close.

What seems to be missing for me is a feature roadmap that describes what to expect in 3.2, 3.3, etc. I've done a bit of digging around in area51 and it isn't clear what are the feature drivers for phpBB 3.2 and beyond.
Basically we name versions wrong all the time:
3.0.6 should have been 3.1 - minor BC break + little new features
3.1.0 should have been 4.0 - large BC break
We just kept the name, because docs and everything were already referencing to these numbers

So 3.1 to the next version shouldn't be too big.

As for 3.2 expecations: you can't find them, because we will release what is done by then. So yes, it should be less breaking since it's only 18 months of feature development, instead of the 7 years for 3.1
This will make updating easier and helps to invalidate the "I can't update because you broke so much" argument.
Little steps now just get a larger version number, to help reflect what we are doing.