Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:109983
Return-Path: <me@kelunik.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 52891 invoked from network); 3 May 2020 21:23:16 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 3 May 2020 21:23:16 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 480C11804CE
	for <internals@lists.php.net>; Sun,  3 May 2020 12:57:46 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_NONE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS6724 81.169.144.0/22
X-Spam-Virus: No
X-Envelope-From: <me@kelunik.com>
Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de [81.169.146.161])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun,  3 May 2020 12:57:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1588535863;
	s=strato-dkim-0002; d=kelunik.com;
	h=Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:
	X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender;
	bh=EI7Nc4n4H4g8MN9TxjRaUUSTtPED7n8mRdlE589pg34=;
	b=cbrnMObfFG0eS3bOOv05YLvwBPtVw5D4CvwP7XD36WvW822Y7kmB9+C/HkUa1aWqPV
	BPw3SEKfb9CEcAsAdlf2rqodE+I9NQ3R5/Ii85tlsRHTH2AVWZwWjnO7FCzShOd8cv4f
	KCHqOdUbEWnMxZDsYEn7HqDAOylExJ+GblihPRzkLkQA+8EBLMtyHlLgB+kar7x9DdJl
	HeHG0DmQJ3UOlkB0ZwQyqY7ebwbdoQv54kr9plEsBhNZL2y51pUj6ctDCeschK8dH606
	NyaNdbKaC1icEceKjEuFk+OYA03xCf5TITAFUSTriR+IAM1n2aRlzs/De0iQSxCNbBO4
	1lvw==
X-RZG-AUTH: ":IWkkfkWkbvHsXQGmRYmUo9mlsGbEv0XHBzMIJSS+jKTzde5mDb8AaBEcYyJB"
X-RZG-CLASS-ID: mo00
Received: from mail-vs1-f45.google.com
	by smtp.strato.de (RZmta 46.6.2 AUTH)
	with ESMTPSA id C0794aw43JvhqJz
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
	(Client did not present a certificate)
	for <internals@lists.php.net>;
	Sun, 3 May 2020 21:57:43 +0200 (CEST)
Received: by mail-vs1-f45.google.com with SMTP id 1so9845342vsl.9
        for <internals@lists.php.net>; Sun, 03 May 2020 12:57:43 -0700 (PDT)
X-Gm-Message-State: AGi0PuZH6PRbFasunzgtg5RQwxu4g2FyTNzPeT7To9R6skjsXXzX5qSK
	xWj4iYU/rch2z5+AktkSYMMN2YNs/gQgB2a5EGU=
X-Google-Smtp-Source: APiQypK1bgIbg0a9o1bFTDiLDerNb1gVkDE78JCo+XPeVVdBy3aobDRv9FRZpi1s2RCjrjeYf2E6LASxyrI5XImLrTE=
X-Received: by 2002:a67:f787:: with SMTP id j7mr9028698vso.77.1588535862678;
 Sun, 03 May 2020 12:57:42 -0700 (PDT)
MIME-Version: 1.0
References: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk>
In-Reply-To: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk>
Date: Sun, 3 May 2020 21:57:16 +0200
X-Gmail-Original-Message-ID: <CANUQDCh+uMNrWw-DE5h46KK9rVHfULSQiK3L0Ne=Y1CcE_hhtg@mail.gmail.com>
Message-ID: <CANUQDCh+uMNrWw-DE5h46KK9rVHfULSQiK3L0Ne=Y1CcE_hhtg@mail.gmail.com>
To: AllenJB <php.lists@allenjb.me.uk>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] Deprecating uniqid()
From: me@kelunik.com (Niklas Keller)

Hey Allen,

there's been discussion on whether we should deprecate or replace its
functionality. Without changing the output format, it's impossible to
have enough entropy.

Without consensus on the best way forward, I've just never cared to
put this to a vote.

I'll happily collaborate on moving this RFC forward for PHP 8.

Best,
Niklas

Am Sa., 2. Mai 2020 um 20:57 Uhr schrieb AllenJB <php.lists@allenjb.me.uk>:
>
> Hi all,
>
> I'd like to discuss deprecating uniqid()
>
> I believe it's dangerously bad a doing "what it says on the tin". New
> developers still reach for it and do not read the warnings on the manual
> page (or if they do, don't fully understand how bad it is).
>
> For older codebases that still rely on it, a userland replacement can be
> easily implemented (and could be published on Packagist).
>
> I noticed there was an RFC [0][1] brought up 2 years ago, but was never
> voted on. Does anyone know why this was?
>
> [0] https://externals.io/message/102097
> [1] https://wiki.php.net/rfc/deprecate-uniqid
>
> Is there interest in deprecating this function?
>
> If not deprecation, how could it be (further) "improved"? My first
> thought is to make the "more entropy" option enabled by default (the
> argument could remain so that it can be disabled by codebases that rely
> on the lower length and can take the tradeoffs).
>
> AllenJB
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>