However I found myself recently in a PCI audit.  The banks/merchant account providers use a generic form of compliance checks - one is to test versions of Apache, PHP, etc. for compliance using generic tools.  On one site, I stupidly forgot to turn off the Apache broadcast of its version, PHP version, etc. and got slammed by the automated tool finding a ton of 'Major' level security threats based on versions of the web software.  I upgraded Apache to 2.9.2, which cleared some, but the PHP 5.2.x issues remained.  Of course turning off the web server signature, and the problem went away because those tools are pretty stupid as well.

But it demonstrates a general point of thinking out there by those unlike us - who don't know more than what they see on TV.  In a world where every news show wants to include a 'cyber' hacking threat in there (thanks Sony...) it seems that the lamest of tests want to know you are using Apache & PHP versions that are not listed on US CERT for vulnerabilities.  And not only that, if your site is public facing (and its a web server, so why wouldn't it be), then PCI compliance requires an annual 3rd party penetration test.  If you use actual people for this, who have an actual brain, they won't take long to find a published security vulnerability that will put you in FAIL mode on non-compliance.

The whole thing is pretty stupid really, but its the reality of the world we live in.  It means that if FB is to survive as a database of choice for the PHP community, your work in getting PHP to understand it and to embrace it is sorely needed and appreciated.  I've been doing tests with 5.6.5 and although I'm nowhere near through the whole thing, the inclusion of php_firebird as a module to compile in, is welcomed and appreciated.

Hope this shines some light on why your work is really appreciated and needed.

Regards,

Myles