Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:117092 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 83999 invoked from network); 21 Feb 2022 10:20:25 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 21 Feb 2022 10:20:25 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 855FE1804AC for ; Mon, 21 Feb 2022 03:39:37 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS24940 176.9.0.0/16 X-Spam-Virus: No X-Envelope-From: Received: from chrono.xqk7.com (chrono.xqk7.com [176.9.45.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 21 Feb 2022 03:39:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bastelstu.be; s=mail20171119; t=1645443575; bh=rwiSekAqsHwkEee/yz88Yrt23rrxcNgxxaWafUZALOI=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=GczsAnG2ndZZMLkk4wa7LLJTpO8Q+vDtWi51Z919Doo5ieYksxuDxeCpAxCK+j8hF hbbUIrW+hydCNPN5qDHCOxUEfIqp1K5w6fM7t/YomYi7dmCHMnVYx9rxTWkbro4cgl T8I9jQUJ1lrmrOj49dR6ltloGAl/cOt4w31S0ibw7gIk1ZcPf3kviqln/kqzrjOeEx 6lW1dmRpmFpOAna9h1dH7BErC6wAeGfhmGTr++EPZKZ/+ecbytBrl5JEuEHLqMSikg 5M3kIEdYrLZTySTkiP9fNZJ2aEoquq4GyztWmh13LMpfYUuzqLanVVK/kmZOpBXj+S flIMdxpNY1crw== Message-ID: <7527ab0b-bed1-6788-a0ff-e75672054be7@bastelstu.be> Date: Mon, 21 Feb 2022 12:39:34 +0100 MIME-Version: 1.0 Content-Language: en-US To: Marco Pivetta Cc: Stanislav Malyshev , PHP Internals List References: <5983302.2649742.1645319015766@email.ionos.com> <6238bf00-011e-35cc-d84b-4082b4f05099@gmail.com> <497325306.1564942.1645357444018@email.ionos.com> <3c6871ca-589d-6812-800c-a3b9ad6bb575@bastelstu.be> <40015164-ac0c-336d-c7d6-c4766d6caff8@gmail.com> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] RFC proposal to deprecate crypt() From: tim@bastelstu.be (=?UTF-8?Q?Tim_D=c3=bcsterhus?=) Hi On 2/21/22 12:12, Marco Pivetta wrote: >>>> If it's not going to be removed, what's the point of annoying people >>>> with deprecation warnings (that they would patch out/silence anyway)? >>>> >>> >>> Probably to be removed in `9.0` or `10.0`? Yes, it should be removed at >>> some point. >> >> In contrast to other deprecations (e.g. the utf8_encode/decode currently >> discussed), deprecating and ultimately removing crypt() results in an >> actual loss of functionality. >> > > ...yes? That's the point? > I understand that that's the point. However I agree with Stas that this would be a BC break with no practical gain and I articulated the reasons why I believe that: If crypt() is what you need, then crypt() is what you need and being told that your use-case is invalid is not helping you. The function already exists and I assume that it does not require (relevant) maintenance effort for PHP maintainers keeping it. With the same arguments one could deprecate and remove md5() (and possibly sha1() as well). It should not be used for passwords, it should not be used for signatures and any new use should require *careful* review. Nonetheless there are cases where you still need an implementation of md5() and then not having md5() is an issue. If someone proposed the removal of md5() I'd disagree the same. Best regards Tim Düsterhus