[ic] [interchange] Fix potential "use of uninitialized value" if called during startup

Mike Heins mikeh at endpoint.com
Sat Jun 24 02:54:21 UTC 2017 

Quoting Jon Jensen (jon at endpoint.com):
> On Fri, 23 Jun 2017, David Christensen wrote:
> 
> >>thanks very much on your effort to clean up Interchange!
> >>
> >>I think the // operator isn't present in older Perls.
> >
> >I think 5.10 introduced this; I will change it to ?????? as Peter
> >suggested, however practically speaking I???d expect anyone using
> >IC at this point to be on CentOS 7+ due to TLS issues, so we could
> >probably safely increase the minimum perl version in practice to
> >the min(distributed version of perl in CentOS 7, equivalent Debian
> >TLS-supporting release).
> 
> David makes a good point: Because TLS 1.2 is required for PCI DSS,
> and because older Perl systems are built on older OS/distros with
> old OpenSSL, and because almost all Interchange usage is for
> ecommerce, it is probably a good time for us to consider raising the
> minimum Perl version. We have not done this for many years, so it's
> a good time anyway. We should increase the Interchange release to
> 5.12 to indicate the break in backward compatibility.
> 
> RHEL/CentOS 6 is the oldest supported in that family, and include
> TLS 1.2 and Perl 5.14.1. RHEL/CentOS 7 comes with Perl 5.16.3.
> 
> Debian 7 is the oldest supported in its family, in its LTS phase. It
> came with Perl 5.14.2. Debian 8 comes with Perl 5.20.2, and 9 with
> 5.24.1.
> 
> Ubuntu 14.04 is the oldest supported, with Perl 5.18.2. Ubuntu 16.04
> has 5.22.1.
> 
> Based on the lowest common denominator of the above, I propose we
> increase the minimum Perl version to 5.14.1. That's still 6 years
> old, from 2011!
> 
> Pros of increasing the Perl version:
> 
> * build on a more current Perl + core module + CPAN module base,
> requiring fewer checks to see if a Perl module is installed
> 
> * be able to use "new" (since over 10 years ago!) features such as
> the // operator
> 
> * have more modern Unicode support
> 
> * reduce number of major versions we have to support / test on

I am against this unless there is significant feature content
added by increasing the minimum version. Allowing // in one or
two places doesn't meet that bar to me.

I also note that there are plenty of people who have built
their own Perl to use IC.

If you go above 5.8, you are basically consiging yourself to
using global Perl, as you will have myriad runtime require 
problems introduced by 5.10 and above.

> 
> Cons of increasing the Perl version:
> 
> * users wanting to stay on old versions won't be able to upgrade
> past 5.10.x

There are a number of non-commerce IC implementations which may
want to upgrade.

I don't worry too much about it, but I would like it to be for real
reasons, not one or two uses of //.

-- 
Mike Heins
End Point -- Expert Internet Consulting    http://www.endpoint.com/
phone +1.765.253.4194  <mikeh at endpoint.com>

Find the grain of truth in criticism, chew it, and swallow
it. -- anonymous

More information about the interchange-users mailing list