Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:121971 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 49151 invoked from network); 9 Dec 2023 15:56:08 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 9 Dec 2023 15:56:08 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 3C7ED180052 for ; Sat, 9 Dec 2023 07:56:20 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from mail-oo1-f51.google.com (mail-oo1-f51.google.com [209.85.161.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 9 Dec 2023 07:56:19 -0800 (PST) Received: by mail-oo1-f51.google.com with SMTP id 006d021491bc7-5906d0c38c3so1679980eaf.3 for ; Sat, 09 Dec 2023 07:56:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702137364; x=1702742164; darn=lists.php.net; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=35Sodpa/nJCFXJZsAx1fMvb1JWA/jiB1BWRCRV2OGFs=; b=RLURogpGuvVi0plfd2BJgaQ3UXARJUinvnGofnx/vdlH0ucE4YrTL8hbUki/m2WAlm OJTJje0emYKPp6RU/a4bxQ9dnWWrc8mSvBHlYMv4CvaFNrnKNPH2fmkfKaVZQ/+nw/7q Mv5yUhafkpAT6pbOeHpBYBoivKB+qa5VQNgI6Lo8xHeDwhajC8TAlp9/0RWp1w6jRnv/ wj5CDkQt2nkvdJ/ZHZuwKX13a9NFSTYH+YyexnBEDLwixb+z9TPfOrUdb245EcYWtPGT 6LHaTPL2zY4kTYhUhCTvk0wSjf42vTuLH5UBE0a0ETcDLrtvdvrvO4rJxWgU8zotB+ZE q5rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702137364; x=1702742164; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=35Sodpa/nJCFXJZsAx1fMvb1JWA/jiB1BWRCRV2OGFs=; b=R4r7yuEM30IiPnf/61NjTL5ybFaBzVfrpO9OnNzPt9ZF8O0+gjklURKTGtju66lacc owomxGWna8ryVHQf/n71hPjGEHtiksKGuinHvBYmsxrxT4GlAcQkjiK+iaJ2FLPsCdl+ daC10xpGXSoILteMT97fD/pG3/1LR7Mhy+S53YPm1w3+yuNf1QzHqhuBMjLRTh0cAO/Q iSjD0j0qfqdEk+TKnBr2aHxX7+RSL6JNo3Oj/AQdrkS22WSVmLCOExOPu/DD4Fs/UBWh 8g0Y0T7gfOGK2aiU3cwpB7dBjrA+pjIRy+TDRX81skq9InNr9aye98yFMNSFhisu0Cmb stJA== X-Gm-Message-State: AOJu0YyTAV94BkJJGSStUAbqIyIv389NgSLksPepwYHkrR+YZViC8BSq UShkOP3+OPCpnO35bCmKVI0JJCNqlzlt9kVVvHY= X-Google-Smtp-Source: AGHT+IGnTj0LXG4szDMeTmp61RkrobOtrH3KVI0zfG7TTOryd8UWuCBp4zIf3qUPLsrNyUx4kaEcTXxV3bCmOZ0r4/w= X-Received: by 2002:a4a:aa4b:0:b0:590:69cf:d99 with SMTP id y11-20020a4aaa4b000000b0059069cf0d99mr1406119oom.3.1702137364494; Sat, 09 Dec 2023 07:56:04 -0800 (PST) MIME-Version: 1.0 References: <1BF39851-A294-44D9-827F-933B00807441@automattic.com> In-Reply-To: <1BF39851-A294-44D9-827F-933B00807441@automattic.com> Date: Sat, 9 Dec 2023 16:55:45 +0100 Message-ID: To: Dennis Snell Cc: Max Semenik , Internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: [RFC][Discussion] NotSerializable attribute From: landers.robert@gmail.com (Robert Landers) On Sat, Dec 9, 2023 at 4:32=E2=80=AFPM Dennis Snell via internals wrote: > > Max, I love this idea. > > Would it make sense to flip the design though and add `#[Serializable]` w= ith a new `php.ini` setting? > > I=E2=80=99m thinking that almost every class I use, if not every single c= lass, should not be serialized. > If PHP had a flag to say =E2=80=9Cprevent all classes from serializing=E2= =80=9D then I could toggle that flag and > avoid changing every single one of the potentially thousands of classes i= n my codebase, and > I wouldn=E2=80=99t have to worry about ensuring that everyone creating a = new class remembers to add > this attribute. > > For existing sites with serializable classes we can leave the default of = this new flag to the > permissive legacy behavior: every class is serializable. However, if you = are willing and have > vetted your code you can flip that flag and now _unless_ you explicitly d= eclare serializability > support, your classes don=E2=80=99t serialize or unserialize. > > That could point to a future where _no_ class serializes _unless_ it impl= ements `__sleep()` > and `__wakeup()` or `Serializable`, which seems quite reasonable in my mi= nd as a tradeoff > between explicitness and surprise. > > Warmly, > Dennis Snell > > > On Dec 9, 2023, at 1:30=E2=80=AFPM, Max Semenik = wrote: > > > > Hi, I'd like to propose a new attribute, #[NotSerializable]. This > > functionality is already available for internal classes - userspace sho= uld > > benefit from it, too. > > > > The RFC: https://wiki.php.net/rfc/not_serializable > > Proposed implementation: https://github.com/php/php-src/pull/12788 > > > > Please let me know what you think. > > > > -- > > Best regards, > > Max Semenik > > > > --0000000000006c4879060c12de83-- > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > Hi Dennis! The biggest downside for the reverse of #[NotSerializable] is that it would break almost everything that uses serialize (e.g., WordPress caching, some Symfony/Doctrine things, SQS transports, etc.). Also, there is the question of whether this would apply to json_encode() or just serialize(). PS. Please don't forget to bottom post on this list. Robert Landers Software Engineer Utrecht NL