https://area51.phpbb.com/phpBB/viewtopi ... 81&t=50831
It discouraged me.
As a community, it is not up to us to decide these things. It should not be up to a vote proposing EOL versions of PHP and soon-to-be EOL versions of PHP to determine which version should be supported in future phpBB releases. The decision is based on a source. That source comes from the link located here:
As developers, you decide what is best for the community. Making smart decisions such as integrating the latest software for stability and security, and supporting only the supported versions of PHP must always be a priority when dealing with time-frames and schedules.
Based on the release schedule (https://www.phpbb.com/about/release/), it is clear which version of PHP must be supported starting with phpBB 3.3.x. Scheduled for December, 2017 with an EOL in December, 2019, PHP 7.0 will already be EOL for nearly a year during that time. That means people will be running insecure version of PHP for 11 months because the phpBB team allowed it due to a popular vote. The obvious choice here is clearly PHP 7.1 beginning with phpBB 3.3.x. It doesn't matter what the votes are. It would be unwise and irresponsible to support an obsolete and unsupported version of PHP.
Firefox 51.0 came out today. It now warns users if a site does not use https when a username and password are required for logging in.
http://www.tomshardware.com/news/firefo ... 33468.html
This same concept should be applied in phpBB if a website does not support SSL/TLS. A page should be displayed to users that attempt to log in over an insecure connection with a confirmation. The same should apply for those that register over http.
WordPress is also taking this route :
2017 is going to be the year that we’re going to see features in WordPress which require hosts to have HTTPS available.
I hope these proposals are taken into consideration as new features in the phpBB 3.3.x code and beyond. CloudFlare is a great place to get free SSL keys. I've never set up SSL on my website until just this month. They made it really easy for first-time users. There's no excuse to not use encryption anymore.