Newsgroups: php.internals
Xref: news.php.net php.internals:124615
pehmrghilhhfrhhomheplhgrrhhrhiesghgrrhhfihgvlhguthgvtghhrdgtohhmpdhnsg gprhgtphhtthhopedt X-ME-Proxy: Feedback-ID: i8414410d:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 972982920064; Fri, 26 Jul 2024 10:20:21 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.11.0-alpha0-582-g5a02f8850-fm-20240719.002-g5a02f885 Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 Message-ID: In-Reply-To: <89096756-9f50-4b10-9630-d3b18e4b9c29@gmx.de> References: <1a88918e-e808-d778-45e1-53797660e093@php.net> <95147d9d-d6e8-4396-bf0b-409c33679f90@bastelstu.be> <89096756-9f50-4b10-9630-d3b18e4b9c29@gmx.de> Date: Fri, 26 Jul 2024 14:20:00 +0000 To: "php internals" Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4 Content-Type: text/plain From: larry@garfieldtech.com ("Larry Garfield") On Fri, Jul 26, 2024, at 11:11 AM, Christoph M. Becker wrote: > On 26.07.2024 at 12:03, Gina P. Banyard wrote: > >> Stephen Rees-Carter, a security expert that has performed countless security audits on Wordpress and Laravel websites, would like to disagree with the fact that it is not enough of a good reason. [1] >> A warning on a documentation page is useless, as nobody is forced to read it. > > Right, but even a deprecation notice is likely to be ignored by those > (either use the shut-up operator, or use hash("md5), or maybe a polyfill > to support old PHP versions), so the deprecation wouldn't help in such > cases. > > (I've recently seen a new release of a software which still uses > . Apparently, the notice to prefer > the password_*() API has been ignored or overlooked.) > > On the other hand, I'm quite confident that a deprecation could be > useful for some developers, who would at least reconsider the use of > md5/sha1 hashes, but just have overlooked this; although some static > analysis should report respective issues. 
However, there is certainly > code without any static analysis, where at least this discussion appears > to be helpful, e.g. our php-sdk-binary-tools might reconsider their use > of md5() and md5(uniqid())[2]. > > Note that I'm not against these deprecations, but I'm also not strongly > in favor. I see valid arguments from both proponents and opponents. > >> [1] https://x.com/valorin/status/1816593881791860963 > > [2] > > Cheers, > Christoph One thing to remind people about, the deprecations for md5(), sha1(), and uniqid() explicitly say they cannot be outright removed before PHP 10. That's at least 6 years away. That gives a loooooong time for documentation, tutorials, instructions, and code to be updated. That long deprecation period is the reason why I was comfortable voting yes. This isn't something that would happen tomorrow. It would be in at least two presidential elections from now. --Larry Garfield