Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:81321
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 5381 invoked from network); 28 Jan 2015 18:09:00 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Jan 2015 18:09:00 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.171 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 209.85.212.171 mail-wi0-f171.google.com  
Received: from [209.85.212.171] ([209.85.212.171:44849] helo=mail-wi0-f171.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 61/77-44076-AB529C45 for <internals@lists.php.net>; Wed, 28 Jan 2015 13:08:58 -0500
Received: by mail-wi0-f171.google.com with SMTP id l15so13816104wiw.4
        for <internals@lists.php.net>; Wed, 28 Jan 2015 10:08:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=fBAQO3huaVo/FwRuathLYvwMjaKA6xulAktCzxvJnjs=;
        b=hMlox+QYk/CS3emTILhUbxd5BwnTSJ3cDs6rDUFy9SueHQaIrVWfGtWVBce7zZWY5G
         Vk8Dbeu+Luo/JkVSXg93JwhfHJs1/zRgF+6PKGxFBVLl/XKVmdpGAiWLse4Hez44ToPp
         e0GTlaX0a+XQ4/nTT0KzEFz0fBkzhWZiTfaYdpa58s2oKWtPuggqtktM9ttJ1/a2lP0+
         fyqjaiFDm1TNTU1WSA65GjCaDaNwI9vt/0BJm6KS90GFYm1HyCHQa1Vj9PLZ8pv8m2cw
         69UmATEhx8JVwIaubAanQsvpYiBu0F8iobTrxV5XLzuR1Qjk7U90nNtzNTNwnONz6TpR
         umEw==
MIME-Version: 1.0
X-Received: by 10.180.90.177 with SMTP id bx17mr9565697wib.36.1422468524752;
 Wed, 28 Jan 2015 10:08:44 -0800 (PST)
Received: by 10.27.10.138 with HTTP; Wed, 28 Jan 2015 10:08:44 -0800 (PST)
In-Reply-To: <54C8D36E.7010803@php.net>
References: <54C8D36E.7010803@php.net>
Date: Wed, 28 Jan 2015 19:08:44 +0100
Message-ID: <CAF+90c98Mrj17p7ZPc=0eAYyt01-8rCpSBX9wRrKPKFO+gdZTg@mail.gmail.com>
To: Michael Wallner <mike@php.net>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=f46d043c7dd21f493d050dba43bc
Subject: Re: [PHP-DEV] [RFC] [VOTE] pecl_http
From: nikita.ppv@gmail.com (Nikita Popov)

--f46d043c7dd21f493d050dba43bc
Content-Type: text/plain; charset=UTF-8

On Wed, Jan 28, 2015 at 1:17 PM, Michael Wallner <mike@php.net> wrote:

> Hi,
>
> Discussion has been very low on this topic since it was proposed on
> August 19th, so I just opened the vote on the RFC whether to add
> pecl_http to the core. The vote will be open until about 12:00 UTC on
> Friday, February 6th.
>
> https://wiki.php.net/rfc/pecl_http#vote
>

I don't feel like this RFC leaves me in a position to make a qualified
choice as to whether this extension should be included or not. There's just
way too little information in here, and I don't think an extension like
this should be added lightly.

I understand that it may not be feasible to include full API design
documents in an RFC, but there's a lot of other things that just aren't
clear to me. A few random points:

 * While the RFC does not mention it, I understand that pecl_http has hard
dependencies on two other extensions. What do these extensions do and how
is the integration in core supposed to be handled?
 * The RFC mentioned that "pecl_http adds processing for json request
bodies into $_POST". Could you elaborate on this, in particular when this
is enabled and how automatic it is? Did you give proper consideration to
the security implications that this has? E.g. are you confident that the
implementation is HashDOS resistant?
 * A number of libraries and frameworks already provide functionality that
intersects with parts of the pecl_http extension. There's also the upcoming
PSR-7 standard that might be of relevance. How does the API exposed by
pecl_http compare to these / follow existing APIs / standards?
 * How does this extension relate to curl, in particular how is the
dependency situation and what happens when the dependency is not met? What
other optional dependencies are there?
 * Why do we need to include these kinds of APIs directly into PHP instead
of the current situations where object oriented HTTP APIs are implemented
by libraries / frameworks and can evolve independently of PHP?

Generally I am not entirely convinced that we should be including any
"high-level" APIs in this direction. With the advent of Composer it is
trivial to include an HTTP library written in PHP. I'm generally not a fan
of including functionality in core if there is no strong reason why it
can't or shouldn't be implemented as a userland library. Including
something in core usually freezes it for all time and makes future
improvements very hard.

What I would be primarily interested in here is the addition of "low-level"
APIs for handling HTTP - in particular functions for parsing raw strings.
This is a performance sensitive part that can benefit from a C based
implementation. (While high-level APIs benefit less from C - or even
anti-benefit by being buggier and harder to adjust.)

TL;DR I need more info to make an informed choice.

Nikita

--f46d043c7dd21f493d050dba43bc--