Hi!
What I'm answering is the proposal that removing support for PHP 5.3 will motivate the user to upgrade their PHP, when that isn't the case.
It may not motivate them to upgrade their PHP if their hosting can not provide that, but it will motivate them to upgrade their hosting, if the hosting refuses to upgrade their PHP. Hosting is so commoditized now that I don't believe one can't find a dozen of PHP hosters literally in seconds. And most hosters already support multiple PHP versions anyway.
I recall this has been the conclusion reached on this list previously
- that this will cause problems for MW out in the world, and gain it
an unwarranted reputation for insecurity as un-upgradeable installations get pwned. Thus, if newer MW still supports older PHP, this results in less pwned MW. The balance is up to you, of course.
I have hard time buying this argument. If it were true, the strategy of doing version upgrades and phasing out old version support would not survive, or at least would be very rare among software vendors, while in fact most software platform vendors are doing exactly that - phasing out old versions and requiring upgrading to new versions, all the time, both in open source and proprietary world. Yet I don't remember any of the vendors gaining reputation of particularly insecure product because of such upgrade strategy. I do not see why MW would be an exception.
I think most people that have business talking about security and evaluating which product is secure and which is not can distinguish the case of product being flawed from the case of somebody running an ancient version of the software and never upgrading. Maybe I'm too optimistic, but I also think solving an education problem by never educating and staying on ancient versions out of fear that uneducated FUD may hurt our reputation does not sound like a winning strategy for me.