Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:112509
Return-Path: <bjorn.x.larsson@telia.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67646 invoked from network); 14 Dec 2020 23:43:01 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 14 Dec 2020 23:43:01 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 675F7180505
	for <internals@lists.php.net>; Mon, 14 Dec 2020 15:13:49 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <bjorn.x.larsson@telia.com>
Received: from v-smtpout1.han.skanova.net (v-smtpout1.han.skanova.net [81.236.60.154])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 14 Dec 2020 15:13:48 -0800 (PST)
Received: from [192.168.7.11] ([213.64.245.126])
	by cmsmtp with ESMTPA
	id ox2Hkdmsm3UCOox2Ik8Ht1; Tue, 15 Dec 2020 00:13:46 +0100
To: Nikita Popov <nikita.ppv@gmail.com>
Cc: PHP internals <internals@lists.php.net>
References: <CAF+90c_8Z389ZA2725QDT0bx8sTfaeh4jXRs02E6GZy83pXkVg@mail.gmail.com>
 <283eb44a-d6f9-b91b-115e-cc95e9523c30@telia.com>
 <CAF+90c_7oO6LpkUrOCOZez210a8E+fbm_S3aVTpDTqm6SXN=Gg@mail.gmail.com>
Message-ID: <6fed4bf0-fa17-c5b5-509f-631e561af037@telia.com>
Date: Tue, 15 Dec 2020 00:13:44 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.5.1
MIME-Version: 1.0
In-Reply-To: <CAF+90c_7oO6LpkUrOCOZez210a8E+fbm_S3aVTpDTqm6SXN=Gg@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfAkm94Af93ghkq6zuxlAhMxWLZcQAEJydn9uJ606z6WV7YAwWf4hQBzMHUsJ8xZbcDGAO/RbbmYVN+8Ab6rnpIxL53Qz8V/O8BMgTOb943ULDOi6OUuF
 klrb7N4pJlF+Ri+i/bI2uJvJGzOsH+jNvr67l3ikYjDqXO8AopxwZjfwH3UDLczzfAJKPrZHEEmygznF/w6IkUukMBsJipab6Po68d7IeKuoQ+3ykEOUhjHi
Subject: Re: [RFC] Phasing out Serializable
From: bjorn.x.larsson@telia.com (=?UTF-8?Q?Bj=c3=b6rn_Larsson?=)

Den 2020-12-07 kl. 16:49, skrev Nikita Popov:
> On Mon, Dec 7, 2020 at 3:49 PM Björn Larsson <bjorn.x.larsson@telia.com>
> wrote:
> 
>> Den 2020-12-07 kl. 15:11, skrev Nikita Popov:
>>
>>> Hi internals,
>>>
>>> Picking up a loose thread:
>>> https://wiki.php.net/rfc/custom_object_serialization introduced a
>>> replacement for Serializable in PHP 7.4, so it's time to think about
>>> deprecating and removing the old mechanism:
>>>
>>> https://wiki.php.net/rfc/phase_out_serializable
>>>
>>> This RFC follows a rather conversative approach. In PHP 8.1 there will
>> be a
>>> deprecation warning if Serializable is implemented without also
>>> implementing __serialize() and __unserialize(). In PHP 9.0, support for
>>> Serializable is dropped internally, and only the interface retained. In
>> PHP
>>> 10.0 the interface is dropped as well.
>>>
>>> Regards,
>>> Nikita
>>
> 
> I had to slightly extend this RFC to also deprecate & remove the
> PDO::FETCH_SERIALIZE mode, which is based on Serializable. Doesn't seem to
> be a big loss, as this fetch mode isn't working correctly in the first
> place...
> 
> 
>> Given that 10.0 lies maybe ten years in the future if we have a similar
>> timeline >> like for 7.0 to 8.0. Is it then realistic to have such a
>> long-term planning? For me it feels a bit more prudent to remove it
>> completely in 9.0.
>>
>> Otherwise +1!
>>
> 
> I'd be also okay with dropping it entirely in PHP 9. That would mean that
> there is no prior deprecation warning if you implement it together with
> __serialize() and __unserialize() though, which is why I went with the
> proposed timeline. From my own (technical) perspective, the case is closed
> in PHP 9 either way, because that's where we can rip out support in
> unserialize().
> 
> Nikita
> 
Not sure I understand why no deprecation warning is needed in 8.1,
if removing completely in 9.0?

Anyway, my main objection towards the proposed timeline is not so
much about the functionality removed. It's more related with that
I think an RFC that mandates what should happen in 10.0, maybe
10 years into the future feels a bit farfetched.

Of course there could be exceptions for RFC's targeting PHP 10.0,
but then I think it should be for something big, like replacing
the SPL library etc.

r//Björn L