Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:82394
Return-Path: <rowan.collins@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 61774 invoked from network); 10 Feb 2015 21:56:30 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Feb 2015 21:56:30 -0000
Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.177 as permitted sender)
X-PHP-List-Original-Sender: rowan.collins@gmail.com
X-Host-Fingerprint: 209.85.212.177 mail-wi0-f177.google.com  
Received: from [209.85.212.177] ([209.85.212.177:64178] helo=mail-wi0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 11/A4-32490-D8E7AD45 for <internals@lists.php.net>; Tue, 10 Feb 2015 16:56:30 -0500
Received: by mail-wi0-f177.google.com with SMTP id bs8so555897wib.4
        for <internals@lists.php.net>; Tue, 10 Feb 2015 13:56:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=user-agent:in-reply-to:references:mime-version
         :content-transfer-encoding:content-type:subject:from:date:to
         :message-id;
        bh=+b+qLRS8FQO5jFkBfK19ePYMOipn9wd9ascylrgzAXc=;
        b=YBA/7TO/ly2LdWqYjamFCz89sTRjjX9iRfpVl7N5RETS21IY45mGm5+lg817TYKPCk
         ZVkqNi3wunNrzetP96lbP02N+Q4t8abPIZXGK+/AYg4gGc/2BtbGew0NZogXkcvtI6Lg
         uKpK14MY9eGsNEy4oXMVK/skmnKNIYElQGjR5XdwendjF8oRlCL78xMcND2jMrg2h3LI
         RRMq34O/4Dkaf0XYbNQfUcNKK+Dj0q33HZEW1lzZFE1s6O3tIjkp11Gnx1FWrWOHZjkK
         YhwBcAr5GjmJCV4hMzYmaR+CpKNT2wL58/AMfwMMkhcn5cwm0pHFdYCmBWGyHVOSWxZ+
         /h/A==
X-Received: by 10.180.218.229 with SMTP id pj5mr14354115wic.85.1423605385659;
        Tue, 10 Feb 2015 13:56:25 -0800 (PST)
Received: from [192.168.0.3] (cpc68956-brig15-2-0-cust215.3-3.cable.virginm.net. [82.6.24.216])
        by mx.google.com with ESMTPSA id df8sm11831016wib.2.2015.02.10.13.56.24
        for <internals@lists.php.net>
        (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Tue, 10 Feb 2015 13:56:24 -0800 (PST)
User-Agent: K-9 Mail for Android
In-Reply-To: <80E6AA15-23FA-4A77-B50E-6819120E7B58@gmail.com>
References: <bc6d032454578020cdd2cef172698534.squirrel@webmail.klapt.com> <80E6AA15-23FA-4A77-B50E-6819120E7B58@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8
Date: Tue, 10 Feb 2015 21:55:19 +0000
To: "internals@lists.php.net" <internals@lists.php.net>
Message-ID: <8F90E56D-CB77-47F2-B2C1-91CEA95CD5C0@gmail.com>
Subject: Re: [PHP-DEV] [RFC][VOTE][RESULT] Removal of dead or not yet PHP7 ported SAPIs and extensions
From: rowan.collins@gmail.com (Rowan Collins)

On 10 February 2015 21:38:02 GMT, David Muir <davidkmuir@gmail.com> wrote:
>
>> On 10 Feb 2015, at 9:29 am, "Anatol Belski" <anatol.php@belski.net>
>wrote:
>> 
>> Hi,
>> 
>> the voting on the removals in PHP7 in hereby finished. The results
>are
>> 
>> 
>> item                   yes:no
>> 
>> sapi/aolserver         32:0
>> sapi/apache            32:0
>> sapi/apache_hooks      31:0
>> sapi/apache2filter     23:1
>> sapi/caudium           30:0
>> sapi/continuity        28:0
>> sapi/isapi             28:0
>> sapi/milter            10:9
>> sapi/phttpd            26:0
>> sapi/pi3web            24:0
>> sapi/roxen             23:0
>> sapi/thttpd            25:0
>> sapi/tux               25:0
>> sapi/webjames          25:0
>> ext/imap               14:19
>> ext/mcrypt             15:18
>> ext/mssql              17:13
>> ext/pdo_dblib          4:18
>> ext/sybase_ct          17:1
>> 
>> As most of the items are considered to be removed, the ones to stay
>> untouched by the 50%+1 requirement are
>> 
>> ext/imap
>> ext/mcrypt
>> ext/pdo_dblib
>> 
>> I'm going to implement and tag the changes considered ASAP. Regarding
>the
>> stuff to considered to be removed from the core - if there are some
>> supporters, the sources will be made available in the git tag. They
>can be
>> anytime ported to PHP7 and possibly resurrected.
>> 
>> Regards
>> 
>> Anatol
>> 
>> 
>> 
>> 
>> -- 
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>> 
>
>Does this mean PHP will be taking on the role of maintaining libmcrypt
>as well? If a security issue is found, what is the course of action?

It means people want to find some more friendly way of moving forward rather than deleting the extension and letting users deal with the consequences.

I don't think anyone has suggested maintaining the underlying library. Several have suggested attempting to build at least a partial compatibility layer on top of openssl or other maintained libraries. Others have suggested adding aggressive warnings whenever the extension is used. I'm sure more suggestions will follow.

What is clear is that *something* should be done, but that consensus was that simple removal was not appropriate in this case.

Regards,
-- 
Rowan Collins
[IMSoP]