On 05/12/15 06:52, Jan Steinman wrote:
I'm not exactly a "noob", but I haven't kept up with PHP changes -- what is running is running, so why change?
It is important to keep up with security releases. If your server is compromised, it can be used to host fraudulent websites, participate in DDoS attacks and send spam. The criminals of the internet depend on people like you who don't care about security. You are an essential part of their infrastructure.
So I was just punting on the "how long will it take to upgrade?" question. (I said "More than an hour", because just finding out the impact will take that long!)
So what exactly is the expected impact of upgrading PHP 5.3.8 to 5.5 or greater? (Note: I'm now officially in that "more than an hour" of upgrading.)
Having been stung by various upgrades over the years, I tend to not touch stuff that isn't broken. I'm running several MediaWiki sites between 1.13 and 1.16. I'd sorta like to upgrade, but I don't know what that buys me, and y'know, they're all working... :-)
I can't say I have tried to run MediaWiki 1.13 (released in 2008) on PHP 5.5. Maybe it would work.
I was just looking for my notes on how hard it is to upgrade MediaWiki. It looks like I had a similar conversation with you back in 2008, about upgrading from 1.3! Good times.
Note that 1.3 -> 1.13 was a gap of 4 years, and it's now been another 7 years after that. So maybe it is about time for another upgrade?
Normally, upgrading PHP is very simple, because by the time you upgrade PHP, you've already upgraded MediaWiki to a version which has been tested on the new version of PHP. Your case is not normal. That is the price you pay for upgrading MediaWiki as often as other people paint their houses.
I think you should take your site down for "scheduled maintenance", and while it is down, upgrade PHP and any other dependencies such as MySQL and the rest of the Linux distro, and then upgrade MediaWiki to 1.23. That is, don't bother testing MW 1.13 on PHP 5.5, it doesn't matter if it doesn't work if you are halfway through an upgrade.
If you really hate upgrading things, you should take steps to make it easy. Use PHP from an Ubuntu LTS package, don't compile your own. Use unattended-upgrades to get security releases automatically. Don't change any files that were distributed with MediaWiki.
-- Tim Starling