Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:121935 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 23284 invoked from network); 6 Dec 2023 02:05:17 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 6 Dec 2023 02:05:17 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id CEB8E180035 for ; Tue, 5 Dec 2023 18:05:27 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 5 Dec 2023 18:05:27 -0800 (PST) Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-5c229dabbb6so2855019a12.0 for ; Tue, 05 Dec 2023 18:05:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wikimedia.org; s=google; t=1701828314; x=1702433114; darn=lists.php.net; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=YaPg17k+f/kzlIECI+mPUpAJbqLFi89b+Z7WrrD7Wrg=; b=K+ERu9eq8L27Qksx+5MMD8Rff6Uk/uBAp9cc8qQaM01u6g7QLiHIO3CyuoHDRj7bb4 1v4LbEv7YSVYjhwFtNUPeouzwemKVsVX0TaN6t7zlAMScY7ICqr6uKVp2631A0eeawju 3oGVLJ6yGC1bfkrhQ+R65oW6fwPIEVZNlCJbw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701828314; x=1702433114; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YaPg17k+f/kzlIECI+mPUpAJbqLFi89b+Z7WrrD7Wrg=; b=aerEXhJDfE2oyP1rq3tORZGEUc+7tffdYUWia0FeRw+JBhb8MaNZo1RqIzzKOxxMsZ /bYh3p4Vf9waSHiOoj7TRApHGsrP5GfBDqQ85Mr0yGlpSNXIF17RvWZc3WrQjJTMK0+I gUfVY6pDQ92yinSN+5kNJp0IU2zcK7r7qDtyazomNO+bDlECdwHJvMp8JscPLfXZRarg YtX09CSals7IygPwGrj9t80nTXDqYtsnSz752nJlAA9pe8d3BC/Lx6v+0B3F9xkWs71o tuNVFTyoPb0h9cU2oE4Li5HpJAqscaFq3TT1+UVEdJOoV9ZBhqMnfeXvZmrCYj7N0l0D asDg== X-Gm-Message-State: AOJu0Yyyk1PL2Y1ZhENowxp3AemEt7keG0gAv/uAH83GBiRFigIPllLw QF6bxefqAwP/4jU3ZtkklpkqrJh9QqrTQFK//ik= X-Google-Smtp-Source: AGHT+IFQGXxt0ov9GzPqejZJKm5DOb5dFbo20mB9LiEzzTZ4VBnYL0ndWUPqm+EK7QciiYtgF36rCA== X-Received: by 2002:a05:6a21:3386:b0:180:e3f1:4f60 with SMTP id yy6-20020a056a21338600b00180e3f14f60mr110681pzb.45.1701828313947; Tue, 05 Dec 2023 18:05:13 -0800 (PST) Received: from [10.1.1.45] (124-168-129-153.dyn.iinet.net.au. [124.168.129.153]) by smtp.gmail.com with ESMTPSA id q24-20020a170902bd9800b001d1c96a0c63sm363634pls.274.2023.12.05.18.05.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 05 Dec 2023 18:05:13 -0800 (PST) Message-ID: Date: Wed, 6 Dec 2023 13:05:09 +1100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Derick Rethans , PHP Developers Mailing List References: <8d4bcca5-a2ce-5ee1-1aed-02076539433a@php.net> In-Reply-To: <8d4bcca5-a2ce-5ee1-1aed-02076539433a@php.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] New "PECL" From: tstarling@wikimedia.org (Tim Starling) On 6/12/23 00:45, Derick Rethans wrote: > The code is old, and hard to maintain. And the database is full of > mojibake. It is also an outdated method of installing things, especially > because userland code is so much easier to handle through Composer. Thanks for working on this. I would say that one of the reasons userland code is easier is because composer packages are local and unprivileged, whereas extensions are global and are typically require root to install. That problem is not going to go away. For community-supplied packages we're mostly using Ondrej Sury's Debian packages. For our own packages (LuaSandbox, Excimer) we're building debs from git tags without reference to PECL. So PECL for us is part of the release procedure just as a courtesy to the downstream community. In terms of security, there should be no way to get root by uploading a malicious PECL package. With debs, I'm not sure if that separation is rock-solid, but at least it exists aspirationally. During build, we run code from the package as non-root. During installation, as root we install generated files into locations which hopefully won't be executed as root. To achieve this separation with PECL, there would need to be some sort of system-aware privilege separation inside the PECL installer. At least it should fork and drop root privileges. Signed tags only help if you trust the package developer. I don't want to have to trust anyone. The PHP version dependency is a tricky part of the spec. When we make a release, we have no way to know how forwards-compatible it is. At some point, a PHP core change will break the extension. The proposed structure suggests that we would have to release a new version of the extension just to say that it's broken. Then later when we make a fix, we would release again with that information. My motivation to maintain a historical list of supported version ranges is very limited. I just want to declare, for the code I'm actually releasing, the earliest supported PHP version and maybe the latest confirmed PHP version. Have you considered keeping the support matrix in the registry database, instead of in pecl.json? Then it can be updated with new build/test information after release. -- Tim Starling