Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:108447
Return-Path: <derick@php.net>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 89193 invoked from network); 11 Feb 2020 00:30:07 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 11 Feb 2020 00:30:07 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 982C21804E6
	for <internals@lists.php.net>; Mon, 10 Feb 2020 14:43:52 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_20,SPF_HELO_PASS,
	SPF_NEUTRAL autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS30827 82.113.144.0/21
X-Spam-Virus: No
X-Envelope-From: <derick@php.net>
Received: from xdebug.org (xdebug.org [82.113.146.227])
	by php-smtp4.php.net (Postfix) with ESMTP
	for <internals@lists.php.net>; Mon, 10 Feb 2020 14:43:51 -0800 (PST)
Received: from [10.212.250.104] (unknown [85.255.233.6])
	by xdebug.org (Postfix) with ESMTPSA id E416C10C772;
	Mon, 10 Feb 2020 22:43:50 +0000 (GMT)
Date: Mon, 10 Feb 2020 22:43:48 +0000
User-Agent: K-9 Mail for Android
In-Reply-To: <CADbOR2i3Jq25rVPwvYtRN=mJ+rrJH40LhyvzpBx89t1tob6_Ag@mail.gmail.com>
References: <CAN+C6bVeO4nU_3egiwhM0MML9NUJJB4oYgWVUo_bhJRPKUVpPQ@mail.gmail.com> <CADbOR2i3Jq25rVPwvYtRN=mJ+rrJH40LhyvzpBx89t1tob6_Ag@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
To: internals@lists.php.net,j adams <zardozrocks@gmail.com>,Tom Van Looy <tom@ctors.net>
CC: PHP internals <internals@lists.php.net>
Message-ID: <DE32CC7D-1DC9-4A99-9209-0C54F79636A5@php.net>
Subject: Re: [PHP-DEV] [RFC] deprecate md5_file and sha1_file
From: derick@php.net (Derick Rethans)

On 10 February 2020 21:52:42 GMT, j adams <zardozrocks@gmail=2Ecom> wrote:
>I disagree=2E While MD5 and SHA1 might not be suitable for modern
>cryptographic operations, these functions might be needed for legacy
>situations -- e=2Eg=2E, munging through old data=2E
>
>
>On Mon, Feb 10, 2020 at 1:50 PM Tom Van Looy via internals <
>internals@lists=2Ephp=2Enet> wrote:
>
>> Hi
>>
>> While in some environments the use of MD5 and SHA1 are still
>acceptable for
>> some use cases like file integrity verification etc=2E the use of these
>> algorithms should be discouraged and not be your choice when
>developing new
>> applications=2E
>>
>> I suggest to deprecated the functions md5_file() and sha1_file()=2E
>This will
>> make people think about upgrading to a better alternative=2E If you
>still
>> need this functionality you can always switch to the hash_file()
>function=2E
>>
>> Carrying around these two dedicated functions seems a bit too much
>for a
>> modern PHP=2E What do you think?
>>
>> My feeling was that this is a no brainer=2E Should I open an RFC for
>this?
>>
>> Kind regards,
>>
>> Tom Van Looy
>>

Deprecation doesn't mean immediate removal=2E It's a nudge to move to some=
thing better=2E Because this deprecation isn't in the last PHP 7, these fun=
ctions can't be removed until PHP 9=2E

cheers,
Derick