Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:120640
Return-Path: <kocsismate90@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50933 invoked from network); 20 Jun 2023 08:59:25 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 20 Jun 2023 08:59:25 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0B5C7180544
	for <internals@lists.php.net>; Tue, 20 Jun 2023 01:59:25 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <kocsismate90@gmail.com>
Received: from mail-oa1-f45.google.com (mail-oa1-f45.google.com [209.85.160.45])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 20 Jun 2023 01:59:24 -0700 (PDT)
Received: by mail-oa1-f45.google.com with SMTP id 586e51a60fabf-1a9ae7cc01dso2826806fac.3
        for <internals@lists.php.net>; Tue, 20 Jun 2023 01:59:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1687251564; x=1689843564;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=4X5XcwM2j2w87mmBnO9z6HjlJe1PiLZPW0A8zr6HKgY=;
        b=SmI8D5e2UNJrf7GDtOPdgXGNZYDicm93rZsq6tieuVmp7/fdO8717Jmj1iF0wRwp5u
         Gha8UYhR+u34bGd8Vb5xVhL4gc9PgAUpi2EdAz6DIcDlQYkx5MUZaffPWrjblFw5Y3z+
         TSrvifYUL+3lzbLXEkA3tyURxuzEVWwYpSl5ntbAvo/8iWAiu4B9gxfYc4U1lHQrHFrH
         TpRFxRMsNVXDby0WAm4n4DZUlY6oNllDRmBMJ/kUzjtwzsBY25tIsk0okMmN+xWOA0eB
         KJ0fCfOp++2ovqKHFAHDK41rktpvDyJbyhiAvM1H57hCkNTDW1FRUv+Sky3wE+AtRUeg
         aBUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1687251564; x=1689843564;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=4X5XcwM2j2w87mmBnO9z6HjlJe1PiLZPW0A8zr6HKgY=;
        b=dSlBU+BC0ESa0t/X9w/F92Nr4U+ysy7atSGNM/Y6KsKV0QdpaYZcCNFxrjNLqEyrt3
         Gy77rL7JWOaXEfKDkpeB4cZxNbz8svNDL+SJYdXnUgyjDfRHStOo1W4rvkouX5G3+npN
         C3r4NFwh3wNjg88RgLs1Uq/3eqr6s0SYvksHfRi493fZ2nmM8lKXIP4EBm0Vf4vcgqNG
         mU2mfP6zbUeEnQurtEucp10Q1GuJE24OcbhDj9/57jWb5HgDehQObyWdPiQDKOoip2rX
         +W1SxtB+zo5MsCQIVqHs2+T1mKtxvqjjUq32yxWoqKcnqSM1A8jRpoMcXOfFrbVuyMWl
         dpag==
X-Gm-Message-State: AC+VfDzWjx128/lq+y5mq7tRwqcW1OxQ5QQkQLHlQypvzJxkkdUWLJGt
	GzySzAYgo3z3Vj1lSJzhivtpkH+WYv6MfMOTbGI=
X-Google-Smtp-Source: ACHHUZ46wknAAMvw9dwGVAMvIPJsg28IQaSPLDJZKX/B0iXtgsGMPlZXNtNbubgRS3OogYDN6SwDu/U/lclLlMenBes=
X-Received: by 2002:a05:6870:135c:b0:19e:ad7a:bafd with SMTP id
 28-20020a056870135c00b0019ead7abafdmr5378837oac.20.1687251563809; Tue, 20 Jun
 2023 01:59:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAH5C8xWAsRV+8h-tZ2Xq0=tn753kbSQX=KSEYsE2fWEtQVMrew@mail.gmail.com>
 <CAMs36HfmXuUJWJ0uih+Pj_vui4wG4vy3OTMmmspGmpP9h_gvgw@mail.gmail.com>
 <9ea3a5af-679d-ad63-f9c2-e0d8d148db3f@bastelstu.be> <CABTDVhDPLwBHDDzfXcHhs4VZNMHswWqum9muKgZcA63sgMCZdg@mail.gmail.com>
 <5ca4e382-8284-1cd0-696f-0dfd693523f8@bastelstu.be> <CAH5C8xWnAjep7kkTSg3=koBd7U0XuBkwF0-k61Mvv1J-m5yRiQ@mail.gmail.com>
 <648B24CF.4090105@adviesenzo.nl> <CAH5C8xWFOvBrEJbqB+cvHguyamQT6Kp=vLN3K-Nj9HyOgHx24w@mail.gmail.com>
 <64912532.6070809@adviesenzo.nl>
In-Reply-To: <64912532.6070809@adviesenzo.nl>
Date: Tue, 20 Jun 2023 10:59:12 +0200
Message-ID: <CAH5C8xUBPre_kUs3PChzD8AC01ZircP7BHHr6PAamx_BC_6ybQ@mail.gmail.com>
To: Juliette Reinders Folmer <php-internals_nospam@adviesenzo.nl>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary="0000000000001b8dde05fe8bdeb3"
Subject: Re: [PHP-DEV] [RFC] [Discussion] PHP 8.3 deprecations
From: kocsismate90@gmail.com (=?UTF-8?B?TcOhdMOpIEtvY3Npcw==?=)

--0000000000001b8dde05fe8bdeb3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Juliette,

There are plenty of situations where it is of absolutely no interest to
> get a crypographically secure value, like for generating some
> semi-random test data and I strongly believe the impact of these
> deprecations to be large and fixing it won't always be trivial for
> codebases which support a range of PHP versions.


Please note that Tim has just added a clarification regarding the removal o=
f
mt_rand():

For the Global Mersenne Twister specifically the removal will be left to an
> additional later vote,

allowing to defer the removal based on the remaining usage.
>

This means that mt_rand()  will most probably have a longer phasing out
period than normally, but at least
this buys us time to evaluate the timeframe of the removal. I hope that we
addressed your concerns.

As a matter of principle I believe there should be an impact analysis
> for anything being deprecated. It can inform the voters as to the
> appropriateness of the timing of the deprecation - early on in a major
> cycle vs late in a major cycle -. Others may just take it as a FYI, but
> at least they have access to the information if they wanted to assess it.
>

I don't think an impact analysis is useful all the time: sometimes because
it doesn't make much sense
*trying* to measure the impact of deprecating very rare or broken
functionality (e.g.
CRYPT_STD_* or the NumberFormatter::TYPE_CURRENCY constants). In other
cases, the analysis is
likely going to be misleading, since we don't have access to proprietary
code, and some functionality
is used in such code more often than in open-source projects (e.g. the
typical example is session-related
functions).


> While I appreciate what you are saying about deprecations being an
> "action list to migrate at your own pace", the reality for open source
> packages is different as the sheer amount of deprecations over the past
> few years have taken huge amounts of time to address and "leaving those
> till later" is just not an option as the amount of time needed is the
> same and time can only be spend once.
>

Please let me clarify first that we do appreciate your dedication and
efforts a lot for maintaining such critical projects.
At the same time, - since PHP has almost 3 decades long of track record of
doing silly things -, we as maintainers
are also dedicated very much about improving our language and getting rid
of its unreliable/unexpected/unsafe behavior.

I also do believe that we do care about our users, and it's very rare that
some change is introduced without a heads up
multiple years before the removal. I know these deprecations and removals
usually feel like a burden for people who
tirelessly work on following these changes in their open-source projects in
their free time, but please do understand that
PHP would still be the same crazy language without the fundamental changes
which have been being introduced
in the recent years. We are happy to discuss the underlying problem
separately from this RFC, since the root cause
may be something else than the too many deprecations, starting from things
which we do not have control over (the underfincaning
of open source work) to other factors which we can control (e.g. the
minimum length of deprecation before
the removal, shorter/longer major version cycles, educating end-users to
use automation like Rector).

With all that said, we're going to start the vote on Thursday, since we do
believe the proposal is clear enough now, and
there's not much to discuss anymore.

Regards,
M=C3=A1t=C3=A9

--0000000000001b8dde05fe8bdeb3--