There appears to be a Validate package in Pear that I'm interested in useing in production. Our site has about 20M uniques across 10 languages, so as part of due diligence, thought I'd asked around here.
在Pear中似乎有一个Validate包,我有兴趣在生产中使用它。我们的网站在10种语言中拥有大约2000万本独特的内容,所以作为尽职调查的一部分,我想在这里问一下。
Does anyone have any experience with this PEAR package?
有没有人对这个PEAR包有经验?
Is it ready for production?
它准备好生产吗?
Here's the Validate package in question: http://pear.php.net/package/Validate
这是有问题的验证包:http://pear.php.net/package/Validate
Intro: http://pear.php.net/manual/en/package.validate.validate.php
Bugs (only 78 ever filed...) http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Validate&status=All
错误(只有78个提交......)http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Validate&status=All
4 个解决方案
#1
Judging by the revision number and the revision title. (0.8.2 (Beta)) i would say no. Personally i would advice against using any Beta product in production, though there are many cases that it worked out fine (* for example). Though you are always running a risk of something happening.
根据修订号和修订标题判断。 (0.8.2(Beta))我会说不。就个人而言,我建议不要在生产中使用任何Beta产品,尽管有很多情况下它很好(例如*)。虽然你总是冒着发生事情的风险。
#2
I'd strongly advise against integrating the PEAR code you use into your own code-base. What happens then if a new version of one of the PEAR packages you use is released to fix security issues and there are multiple dependencies from that package onto others? Do you download the new versions and check everything works ok and that you've not added a bug yourself by missing something?
我强烈建议不要将您使用的PEAR代码集成到您自己的代码库中。如果您使用的某个PEAR软件包的新版本被发布以解决安全问题并且该软件包与其他软件包有多个依赖关系,那么会发生什么?你下载新版本并检查一切正常吗?你没有错过自己添加错误?
The best thing to do, if you are paranoid of the system-wide PEAR install being compromised, is to make your own PEAR install. http://pear.php.net/manual/en/installation.shared.php would be where to start for doing this.
如果您对系统范围的PEAR安装受到损害,最好的办法就是安装自己的PEAR。 http://pear.php.net/manual/en/installation.shared.php将是开始这样做的地方。
Then it's just a case of doing $pear upgrade [Package] rather than copying loads of files around.
然后它只是一个做$ pear upgrade [Package]而不是复制大量文件的情况。
#3
The validate functions have been around a long time - some since 2003. I wouldn't worry too much about the beta tag, but I am still paranoid about code - so write tests for yourself, and don't upgrade the PEAR library on your systems without testing.
验证函数已经存在了很长时间 - 有些自2003年以来。我不会太担心beta标签,但我仍然对代码感到偏执 - 所以为自己编写测试,不要升级你的PEAR库没有测试的系统。
Even better - consider integrating the PEAR code you use into your own code-base rather than depending on the system PEAR library that can be upgraded separately.
更好 - 考虑将您使用的PEAR代码集成到您自己的代码库中,而不是依赖于可以单独升级的系统PEAR库。
#4
you can make your own pear install (ie one that isn't system wide) - so you don't have to worry about any interdependencies when you upgrade - let the pear installer figure that out for you.
你可以进行自己的梨安装(即一个非系统范围的安装) - 所以你不必担心升级时的任何相互依赖性 - 让pear安装程序为你解决这个问题。
this is better than simply copying the code of pear packages into your own repo - what would you do if you miss a cricual bug fix released after you've inserted those pear packages that you're using into your revision control system?
这比简单地将梨包的代码复制到你自己的仓库更好 - 如果你错过了在将你正在使用的梨包插入修订控制系统后发布的cricual bug修复,你会怎么做?
honestly the validate package should be taken out of beta - it's been stable other than in name for a very long time.
老实说,验证包应该从测试版中取出 - 它在很长一段时间内都是稳定的。
#1
Judging by the revision number and the revision title. (0.8.2 (Beta)) i would say no. Personally i would advice against using any Beta product in production, though there are many cases that it worked out fine (* for example). Though you are always running a risk of something happening.
根据修订号和修订标题判断。 (0.8.2(Beta))我会说不。就个人而言,我建议不要在生产中使用任何Beta产品,尽管有很多情况下它很好(例如*)。虽然你总是冒着发生事情的风险。
#2
I'd strongly advise against integrating the PEAR code you use into your own code-base. What happens then if a new version of one of the PEAR packages you use is released to fix security issues and there are multiple dependencies from that package onto others? Do you download the new versions and check everything works ok and that you've not added a bug yourself by missing something?
我强烈建议不要将您使用的PEAR代码集成到您自己的代码库中。如果您使用的某个PEAR软件包的新版本被发布以解决安全问题并且该软件包与其他软件包有多个依赖关系,那么会发生什么?你下载新版本并检查一切正常吗?你没有错过自己添加错误?
The best thing to do, if you are paranoid of the system-wide PEAR install being compromised, is to make your own PEAR install. http://pear.php.net/manual/en/installation.shared.php would be where to start for doing this.
如果您对系统范围的PEAR安装受到损害,最好的办法就是安装自己的PEAR。 http://pear.php.net/manual/en/installation.shared.php将是开始这样做的地方。
Then it's just a case of doing $pear upgrade [Package] rather than copying loads of files around.
然后它只是一个做$ pear upgrade [Package]而不是复制大量文件的情况。
#3
The validate functions have been around a long time - some since 2003. I wouldn't worry too much about the beta tag, but I am still paranoid about code - so write tests for yourself, and don't upgrade the PEAR library on your systems without testing.
验证函数已经存在了很长时间 - 有些自2003年以来。我不会太担心beta标签,但我仍然对代码感到偏执 - 所以为自己编写测试,不要升级你的PEAR库没有测试的系统。
Even better - consider integrating the PEAR code you use into your own code-base rather than depending on the system PEAR library that can be upgraded separately.
更好 - 考虑将您使用的PEAR代码集成到您自己的代码库中,而不是依赖于可以单独升级的系统PEAR库。
#4
you can make your own pear install (ie one that isn't system wide) - so you don't have to worry about any interdependencies when you upgrade - let the pear installer figure that out for you.
你可以进行自己的梨安装(即一个非系统范围的安装) - 所以你不必担心升级时的任何相互依赖性 - 让pear安装程序为你解决这个问题。
this is better than simply copying the code of pear packages into your own repo - what would you do if you miss a cricual bug fix released after you've inserted those pear packages that you're using into your revision control system?
这比简单地将梨包的代码复制到你自己的仓库更好 - 如果你错过了在将你正在使用的梨包插入修订控制系统后发布的cricual bug修复,你会怎么做?
honestly the validate package should be taken out of beta - it's been stable other than in name for a very long time.
老实说,验证包应该从测试版中取出 - 它在很长一段时间内都是稳定的。