Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118816
Return-Path: <nicolas.grekas@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 88582 invoked from network); 15 Oct 2022 09:06:47 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 15 Oct 2022 09:06:47 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id A31E91804AA
	for <internals@lists.php.net>; Sat, 15 Oct 2022 02:06:44 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <nicolas.grekas@gmail.com>
Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sat, 15 Oct 2022 02:06:43 -0700 (PDT)
Received: by mail-wr1-f41.google.com with SMTP id w18so10897244wro.7
        for <internals@lists.php.net>; Sat, 15 Oct 2022 02:06:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=OcD+6PNiqvNsVRhqE9eumbiYkZNyLCieYxlxShinP8Y=;
        b=lGLCVgBd53TPpy0yQGUwkR/6D98+REnC/kkjI519Zx4uP1xWi1/0hlMOcssKH5WQQ0
         9mv4txjLNkiqdGUFmpNOof7IlCGKjAiMfH95qHlMe847kFqK7dt10YKGTW2xIszd6g5O
         0pVUxMQsp1WCjRNo0Eo4KwU5XZ20/cfr62OaiBmlrPAoXxTjL1LaS2B6j0ilu92dXgok
         Td4a9di6PVfJJa7fd0ogFtGjIhnQ1/hfaWp8QcENl9JCjMwmw7EqzK8SK19uicjmpKk5
         uBMdRlRoYlOaiyTla9Ccz/9TRyunVTjRBtttu8S74qTEYAUz/kIUL153LyfSWITXWjxQ
         DF7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=OcD+6PNiqvNsVRhqE9eumbiYkZNyLCieYxlxShinP8Y=;
        b=vP7P1JmdcU19seLSrDCHx6669SbApgIj8iGru9jwkOydnn4IV4iWCNkFhgUE9q1FDS
         X1TLlihKbZ53xsbo+9I3mxzc/pHQHh2LmirLnAJtvFDgmtmLS89E2ilReFA1BmMJtEVB
         HyUA41QS0o6jUi1qmPjaqzD/c/xoYBr7AoiKUw2EwvQX9ssoJExu5QzeohBJjPv5U0jo
         4BXJqE55z8RUIUiLGHcElVWe1GVURmAZ5MEo4NTBfXJJQrYH2UaDZNlq0HRbWPuOPJjM
         sh87pPzfWLzsHhGbcNqtomaSFg2CiSp/3OKekSwOz0wtDFrK4Q6ysZOJ1JBcghqYnSmi
         27AA==
X-Gm-Message-State: ACrzQf2Royvfc3EFaSwk2TT/qQBWm6onvg9QpbeVE89Rt0/Fq6ViGf9v
	DUAE8T41BB9P3D1oPiXhXlDqqM8nUeFlUeL3nx5DHIxg
X-Google-Smtp-Source: AMsMyM6ccWjPjiFVrbWHL5q5I3lpdVI3T89BMWxJKz69EK/Ec+qO+CnHfXccnvwSPuIWzU1n6folsRyucbN/k3xK96w=
X-Received: by 2002:a5d:59a5:0:b0:22e:37ab:ed7d with SMTP id
 p5-20020a5d59a5000000b0022e37abed7dmr952949wrr.461.1665824802338; Sat, 15 Oct
 2022 02:06:42 -0700 (PDT)
MIME-Version: 1.0
References: <22177032-fe72-c39b-63fe-fa4368a70852@bastelstu.be>
 <CAOWwgpmuiRzUwGpU3ShQ7HOAVGhcP=Wb8z50acLfERMn_NEbwQ@mail.gmail.com> <c9e61189-7826-844f-56b9-7bb509a0791d@bastelstu.be>
In-Reply-To: <c9e61189-7826-844f-56b9-7bb509a0791d@bastelstu.be>
Date: Sat, 15 Oct 2022 11:06:30 +0200
Message-ID: <CAOWwgpnpBTx9-aLz-bg1xZ9FT5JyWsX44TLwfvanDS_aAW7qdQ@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000099f9f005eb0f0f65"
Subject: Re: [PHP-DEV] [VOTE] Improve unserialize() error handling
From: nicolas.grekas+php@gmail.com (Nicolas Grekas)

--00000000000099f9f005eb0f0f65
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

> > Not sure why I didn't think about it before but I just ran the test sui=
te
> > of Symfony after applying the patch proposed in the RFC to change the w=
ay
> > exceptions are handled by unserialize.
> >
> > This change breaks the test suite of 5 separate components. I created
> this
> > gist to list all the failures:
> > https://gist.github.com/nicolas-grekas/3da652a51669baa40c99bd20e4a1b4dd
> >
> > Maybe I wasn't convincing enough during the discussion period, but that
> > doesn't change the fact that the proposed behavior in the RFC is a very
> > clear BC break that will affect userland significantly.
> >
> > I'm therefore voting NO on the proposal.
> >
>
> I'm not surprised by the =E2=80=9Cno=E2=80=9D on the first vote based on =
the previous
> discussion. I am surprised however that you also disagree with raising
> the E_NOTICE to E_WARNING for consistency.
>
> I don't plan on repeating all the previous discussion points with you,
> but as you mention the Symfony tests specifically: Please find the patch
> attached. Do you believe the expectations in this new test would a
> reasonable expectation by a Symfony user?
>

Since the beginning my point is not that the RFC doesn't have merits. It's
that the proposed approach breaks BC in a way that will affect the
community significantly. We have policies that say we should avoid BC
breaks and they should apply here.

To anyone wondering about the reality of the BC break if you're not
convinced there is one because the original code is broken anyway (which is
your main argument Tim IIUC): please have a look at the failures I reported
above and wonder about the changes the RFC would impose. I cannot think
about one that would not imply some sort of "if the version of PHP is >=3D
8.3 then A, else B". This is the fact that highlights the BC break.

Nicolas

--00000000000099f9f005eb0f0f65--