Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:119517
Return-Path: <jakub.php@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67248 invoked from network); 9 Feb 2023 21:18:22 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 9 Feb 2023 21:18:22 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 8F0F9180340
	for <internals@lists.php.net>; Thu,  9 Feb 2023 13:18:21 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,
	FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,
	SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <jakub.php@gmail.com>
Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu,  9 Feb 2023 13:18:21 -0800 (PST)
Received: by mail-ed1-f44.google.com with SMTP id r3so3191846edq.13
        for <internals@lists.php.net>; Thu, 09 Feb 2023 13:18:21 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=GWnmKtNpmOvUQRlG4W+AA+DAz4nSpUSfqlUC+a09aho=;
        b=dCLUilssagRoEETflZpP/1nlTn9hPmR7j1kckfz394xixhbF97msNsOQQw3bXEjQJF
         Ru3QMrhy7yfLDc8q9NhbUMvbnMSB/3z1n8l05pKcjd05B7L0hFuwM8zpSroZznnTHZ6y
         99BiveNhYcI/iBgh/iU1oquQKvx5nnEJ/UUdKtBNPonWJpRi0SbYd7Oi6khcYCQd7vBS
         mobNN7kDNEO3eQvHmdNjqdGVIcQcS61YdA2AKR3lqaV+dhxMP6PC/x4FQmo9s5lrR/fP
         53FoVFBu0Fp4F/dcWiGOShIXhhtvzYzUxspg/bwpy27yNpOpPZfQR3BhzIQ6NdhCg+1s
         GfuQ==
X-Gm-Message-State: AO0yUKXBUR5tea2GnaZhcfuB2btQngJ1gXJBzeYfSqjkV9wvcqcjgIpV
	oHptlflBD2M9ONUK06kVNOb/jXPq/Mq/Raw5+ko=
X-Google-Smtp-Source: AK7set9GdmwclTWsQEYISejFVAj8AuUY2fii3qV1xg3nG8os0QYKHUqfAV5rAFWZVv9jV4PEp1MGdC4njNKdgHmaY+M=
X-Received: by 2002:a50:a40d:0:b0:4aa:a503:53ed with SMTP id
 u13-20020a50a40d000000b004aaa50353edmr2915667edb.7.1675977499867; Thu, 09 Feb
 2023 13:18:19 -0800 (PST)
MIME-Version: 1.0
References: <Y+TIlliuIwRyZX8L@swift.blarg.de>
In-Reply-To: <Y+TIlliuIwRyZX8L@swift.blarg.de>
Date: Thu, 9 Feb 2023 21:18:08 +0000
Message-ID: <CAEKnhAEAwMEh4unOfJkzrTF9PkhHvAniHOUXhaoB4YNdpUZsgA@mail.gmail.com>
To: Max Kellermann <max+php@blarg.de>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary="00000000000088008705f44aeb6c"
Subject: Re: [PHP-DEV] How to deal with bugs in vendored libraries?
From: bukka@php.net (Jakub Zelenka)

--00000000000088008705f44aeb6c
Content-Type: text/plain; charset="UTF-8"

Hi,

On Thu, Feb 9, 2023 at 10:19 AM Max Kellermann <max+php@blarg.de> wrote:

> Hi,
>
> what happens if there is a bug in a vendored library, but upstream
> refuses to fix it?
>
> Last month, my PR for removing obsolete C99 integer checks was merged:
>
>  https://github.com/php/php-src/pull/10304
>
> This change speeds up configure and removes code that violates the C99
> spec.
>
> It included a fix for ext/date/lib/ which I then learned is a vendored
> library; Christoph M. Becker asked me to submit the same fix upstream,
> which I did:
>
>  https://github.com/derickr/timelib/pull/141
>
> As you can see, the PR was closed with a comment that did not explain
> why.  After it was pointed out to them that the existing code violates
> the C99 standard, they locked the PR, preventing further discussion.
>
> Not only that; they also reverted my fix in php-src, reintroducing the
> C99 spec violation:
>
>  https://github.com/php/php-src/commit/0df92d218e88a0070fcebd5391e7
>
> ... even though UPGRADING.INTERNALS contains an explanation that these
> obsolete feature macros are no longer present in PHP's config headers
> and should not be used.
>
> Two questions remain for me:
>
> - Should somebody with push access to php-src silently/secretly,
>   without any discussion, revert such a fix?  The revert seems to have
>   been directly pushed to php-src without a PR and with no chance for
>   others to review it.
>
>
Yes if it's a maintainer of the code which is the case here. Historically
we didn't use PR's for normal fixes. We started doing so mainly to run
tests rather than getting feedback. That said I think it's good to do PR's
for most changes as it's safer and feedback is good but it has never been a
requirement.


> - In general, if a vendored library has a bug (like the C99 spec
>   violation, or any other bug) that the upstream refuses to fix or
>   even discuss, shall the copy in php-src be patched?  Are deviations
>   from vanilla upstream possible?  Of course, this causes extra work
>   for syncing with new upstream released, but tools like quilt could
>   help with that.
>
>
I don't think we would want to do this in general unless it's something
critical or security related which this is certainly not.

The only thing that you can do here is to create an RFC but I'm pretty sure
that it would be just waste of time as it would be destined to fail. So the
best thing that you can do is to just forget about it and move on otherwise
I think you are wasting your time...

Regards

Jakub

--00000000000088008705f44aeb6c--