Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114525 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 74643 invoked from network); 20 May 2021 04:37:01 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 20 May 2021 04:37:01 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id A8DB81804C8 for ; Wed, 19 May 2021 21:46:57 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 19 May 2021 21:46:57 -0700 (PDT) Received: by mail-ed1-f41.google.com with SMTP id b17so17844187ede.0 for ; Wed, 19 May 2021 21:46:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Ew7w794+ScptaeWaZTGLTzV4M0POnFqulf998F6fSuY=; b=lzqb9uN6aZT30ouMXo7TqXUll+pYGSv1ogFrx4iuSNWuuF7SuMtV586wTOfn47drw3 sHTq/00s3gU5/gSJDQiWvP7cF7SHt9UcIi6RgT/dgA1c8nxaKxeXFX2xua2DnRPp8gLT 2sx2V4oPyf5dLJQHgcWwYkaqKxQJz7ycrgLB+4uEvrczPF1iFbPiJYzCF7mFBZnWKB0/ 3oWzV0uN0Oljlpz+tlcxt5Ow3XvsRmjBDPUWEVWb02/Zh6Axu5MLK0wKb5Hsj6VgwTk1 CNKu7uiKgBXIrrwkuu3oamlROL8Bdom2aF3GtWwrcI6bsah1JeVOqOyKVtuVWJT7+6P/ lYTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Ew7w794+ScptaeWaZTGLTzV4M0POnFqulf998F6fSuY=; b=ZKsJL3gvPInoGdofWFSHuNpGR8kJ4GW6DbhXdKvFessQVLFxalzkpd7Khkj8N0EZn5 z7QiIzFWKxXycJD+ixy8OM4WDA0t6uiznvW6VljpiC6qQOflNvu3Zwg5WcSkyYbrQH+m m6YzEq1jzo5bvfuVX5dTQt9cBs+r5fsPKZVxNtVfTtxgghAGv40ma4k7aL3ibKCY1gVj 1ADiLf/gC8bT/6Nn2TJ9wKD7dmCNR2s6CoileUDx9i8wRjM0DilIEZmgACpJMSjfTE9X 44OWvVkX5puITno5QVaJ5mdJMSKQRXluyIkI9lNcy+IRN7Uob231J08BE+QKIInO0rJS 5HkQ== X-Gm-Message-State: AOAM533EE846pMwCM9gWZy/n6KxvNNVHCkOr5+NrqsSRHY2/7FRHWFWa 1sTjDwHmN4iOWPWnYQibBfbRRgcEFVA78e96tZU= X-Google-Smtp-Source: ABdhPJxn2cWxT7sgYmHFLh8nMD4xVkkkvlVkpAnVcJ9fYMRKMti9QkUEzkd/J0qUKGqWZtvqeHJo87NBRbM826E4nsw= X-Received: by 2002:a50:ff08:: with SMTP id a8mr2845640edu.46.1621486016193; Wed, 19 May 2021 21:46:56 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 20 May 2021 13:46:45 +0900 Message-ID: To: Kamil Tekiela , PHP internals Content-Type: multipart/alternative; boundary="00000000000000e6a505c2bba2ae" Subject: Re: [PHP-DEV] [RFC] [Draft] Add RNG extension and deprecate mt_srand() From: zeriyoshi@gmail.com (Go Kudo) --00000000000000e6a505c2bba2ae Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > 1. I'm still not a fan of exposing the algorithms as separate classes in PHP. Their names are confusing and I don't see how exposing them gives any benefits. I would prefer that, like in password_hash, let the user chose the algorithm using a constant then ask for seed as a second argument to Randomizer. This may be useful if you are implementing a specific RNG in userland. It also gets quite complicated when trying to implement extensions that add corresponding algorithms. Since we're going all out, I thought it might be appropriate to use the OOP approach. What do you think? > 2. Why is there a getter on Randomizer for the source? Some Source objects are serializable and can store state, to take advantage of this feature. > 3. Why is the interface called source? I couldn't think of an appropriate name. Do you have any ideas? > 4. You have generateInt() twice. Wouldn't it be better to have it only once but make the arguments nullable or provide PHP_MIN_INT and PHP_MAX_INT as defaults? This is to maintain compatibility with the `mt_rand()` function. > 5. Why do we need to deprecate the old functions now? What's the rush? Keeping old implementations may lead to code being written that unintentionally relies on the PHPs global state. Deprecating them reduces the possibility that such code will be written anew. 2021=E5=B9=B45=E6=9C=8819=E6=97=A5(=E6=B0=B4) 2:29 Kamil Tekiela : > Hi Go Kudo, > > I think this proposal is much better than the one before. I believe we > need such functionality in PHP. > I have some questions I would like you to consider: > 1. I'm still not a fan of exposing the algorithms as separate classes in > PHP. Their names are confusing and I don't see how exposing them gives an= y > benefits. I would prefer that, like in password_hash, let the user chose > the algorithm using a constant then ask for seed as a second argument > to Randomizer. > 2. Why is there a getter on Randomizer for the source? > 3. Why is the interface called source? > 4. You have generateInt() twice. Wouldn't it be better to have it only > once but make the arguments nullable or provide PHP_MIN_INT and PHP_MAX_I= NT > as defaults? > 5. Why do we need to deprecate the old functions now? What's the rush? > > Regards, > Kamil > --00000000000000e6a505c2bba2ae--