Is the Validate PEAR package ready for production?

views:

132

answers:

+1 Q:

Is the Validate PEAR package ready for production?

There appears to be a Validate package in Pear that I'm interested in useing in production. Our site has about 20M uniques across 10 languages, so as part of due diligence, thought I'd asked around here.

Does anyone have any experience with this PEAR package?

Is it ready for production?

Here's the Validate package in question: http://pear.php.net/package/Validate

Intro: http://pear.php.net/manual/en/package.validate.validate.php

Bugs (only 78 ever filed...) http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Validate&status=All

Judging by the revision number and the revision title. (0.8.2 (Beta)) i would say no. Personally i would advice against using any Beta product in production, though there are many cases that it worked out fine (stackoverflow for example). Though you are always running a risk of something happening.

Ólafur Waage 2009-04-10 00:25:30

To be fair, non-beta code still has bugs. Beta is only more risky if they have *known* bugs that they haven't fixed and they *know* the risks.

Kent Fredric 2009-04-10 01:09:44

You could have system breaking code just waiting to be executed. Atleast with a non beta/alpha release, you have the experience of others trying it out on a production system before you.

Ólafur Waage 2009-04-10 11:47:14

It's a version number, and not a revision. Validate has been around for a long, long time. You could have at least looked at the homepage before you made a "well-educated" guess.

Till 2009-09-16 21:55:34

Beta = Not ready for production! In my eyes.

Ólafur Waage 2009-09-16 23:42:10

+1 A:

The validate functions have been around a long time - some since 2003. I wouldn't worry too much about the beta tag, but I am still paranoid about code - so write tests for yourself, and don't upgrade the PEAR library on your systems without testing.

Even better - consider integrating the PEAR code you use into your own code-base rather than depending on the system PEAR library that can be upgraded separately.

Alister Bulman 2009-04-10 00:32:55

+1 A:

you can make your own pear install (ie one that isn't system wide) - so you don't have to worry about any interdependencies when you upgrade - let the pear installer figure that out for you.

this is better than simply copying the code of pear packages into your own repo - what would you do if you miss a cricual bug fix released after you've inserted those pear packages that you're using into your revision control system?

honestly the validate package should be taken out of beta - it's been stable other than in name for a very long time.

2009-09-16 21:49:19

I'd strongly advise against integrating the PEAR code you use into your own code-base. What happens then if a new version of one of the PEAR packages you use is released to fix security issues and there are multiple dependencies from that package onto others? Do you download the new versions and check everything works ok and that you've not added a bug yourself by missing something?

The best thing to do, if you are paranoid of the system-wide PEAR install being compromised, is to make your own PEAR install. http://pear.php.net/manual/en/installation.shared.php would be where to start for doing this.

Then it's just a case of doing $pear upgrade [Package] rather than copying loads of files around.

kguest 2009-10-13 12:44:51

ansaurus

tags:

views:

answers:

Is the Validate PEAR package ready for production?

related questions