Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:82401
Return-Path: <adam@adamharvey.name>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 82404 invoked from network); 10 Feb 2015 23:54:24 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 10 Feb 2015 23:54:24 -0000
Authentication-Results: pb1.pair.com header.from=adam@adamharvey.name; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=adam@adamharvey.name; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain adamharvey.name designates 209.85.223.177 as permitted sender)
X-PHP-List-Original-Sender: adam@adamharvey.name
X-Host-Fingerprint: 209.85.223.177 mail-ie0-f177.google.com  
Received: from [209.85.223.177] ([209.85.223.177:44487] helo=mail-ie0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 63/C8-32490-E2A9AD45 for <internals@lists.php.net>; Tue, 10 Feb 2015 18:54:23 -0500
Received: by iecar1 with SMTP id ar1so237218iec.11
        for <internals@lists.php.net>; Tue, 10 Feb 2015 15:54:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=adamharvey.name; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type:content-transfer-encoding;
        bh=yR0scPOTBmNZNd+9thkGUuU0FIAjtsMnYpbpEH2QPCg=;
        b=rnI8cI42dbXB51kfJL6r5rX8tLPBxaUsHitCu66FhEz0ep39dsVVF9LE9hmCxL7B1r
         ubt5mvtInWqoaJBHAJ6Me4y4ztiiCXS0PcY5vNEbtlC/2KqKeMjZlNxVJvGaRdnu18T4
         SypRYs18TUwKyjNSF0yN1rvqGidkbadJceL30=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc:content-type
         :content-transfer-encoding;
        bh=yR0scPOTBmNZNd+9thkGUuU0FIAjtsMnYpbpEH2QPCg=;
        b=cyfkhYxVhA4YVjjE5ogsYSZT5LClvR1CtXcpZAYP3ETxg6NR1FYoocPRWJQq548YcP
         2fmxWZH5o6/uAldnXbQOYM/nFYi32jiDfHf1GkRgZBtvg+FuljEzJ3ORKY9TLWvxaxJk
         QrAc2WHBXMeUeGvRyLON3/e5dmJzwfThjJZ8Xz8eR7ka1r3c7blBjAb+J5ibIw4ge1Ia
         nT2FbzDVh52cgZSMRr9V2FcedK6ZJ/ox2phVbSxDPrjfMS09N2U9w4DGF+ZXz1WDm0Za
         ex2VOd1lKbX//zBKIefwQzrvXSGHQiVi05iW9UOlncuulKmMu+83G2tO+Ppjl+0GN+Pi
         R/aw==
X-Gm-Message-State: ALoCoQlWHwqlmDw71VvqpI1Y4SsnsnXCjfsXDkzzIxQ4eY3nojUG3mD2gY3iolKWqFu4cLvtwAxF
X-Received: by 10.107.15.156 with SMTP id 28mr3470996iop.57.1423612458437;
 Tue, 10 Feb 2015 15:54:18 -0800 (PST)
MIME-Version: 1.0
Sender: adam@adamharvey.name
Received: by 10.43.112.9 with HTTP; Tue, 10 Feb 2015 15:53:58 -0800 (PST)
In-Reply-To: <CAKxcST-HgaLO+EHh0xoxSefK4J3H2d1EMCWHD6z8O69oVL4m8Q@mail.gmail.com>
References: <bc6d032454578020cdd2cef172698534.squirrel@webmail.klapt.com> <CAKxcST-HgaLO+EHh0xoxSefK4J3H2d1EMCWHD6z8O69oVL4m8Q@mail.gmail.com>
Date: Wed, 11 Feb 2015 07:53:58 +0800
X-Google-Sender-Auth: yLzbH3YoMW_-zszkeytVlqhK3wM
Message-ID: <CADajX4AGuQw55NzQA4Fz-53ya3OOAJzUM1Y4iO=+YwTF3OTezw@mail.gmail.com>
To: Paul Dragoonis <dragoonis@gmail.com>
Cc: Anatol Belski <anatol.php@belski.net>, PHP Internals List <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] [RFC][VOTE][RESULT] Removal of dead or not yet PHP7
 ported SAPIs and extensions
From: aharvey@php.net (Adam Harvey)

On 11 February 2015 at 06:59, Paul Dragoonis <dragoonis@gmail.com> wrote:
> On Mon, Feb 9, 2015 at 10:29 PM, Anatol Belski <anatol.php@belski.net>
> wrote:
>> ext/mssql              17:13
>
> Did you accidentally miss out mssql? it resultes in significant resistanc=
e
> to leave core, such as mcrypt and ignoring mathematical numbers, from a
> practical basis I'd like to see mssql kept in core. Who's with me ?

Since it's apparently my week for this, I'll provide the case for the
defence (or why I voted for removal, anyway):

- The API is awful in the exact same ways the ext/mysql API was awful
=E2=80=94 it makes it far harder to write secure code than it should be.

- Actually, it's worse than that, because there's no charset-aware
escaping function at all: the only option is addslashes(), which has
interesting security implications if you're using certain charsets.

- It's buggy. Some of the bugs are due to the underlying library
(which is mostly dead); some are in our code, but there are some
fundamental issues =E2=80=94 basic data types (nvarchar(128), for example)
aren't supported, field names are truncated, stored procedure calls
are problematic, and probably many more things that I've forgotten.

- The bugs probably aren't going to be fixed. ext/mssql averages about
one to two non-whitespace, non-copyright-year-increment commits a
year. A cursory look at the bug tracker (or my ##php logs) will tell
you that it's not because it's stable and free of bugs.

- There are multiple better options: using ODBC is almost always more
stable, and while PDO_dblib has some of the same problems due to
FreeTDS, at least you're using PDO's better (by which I mostly mean
harder to misuse) API.

In my mind, this is analogous to removing ext/mysql: it's the right
thing to do for our users because it promotes better practices and
gets rid of an extension that has even more technical issues than that
one did.

Finally, Anatol's tally was wrong for this one: it was 17:3 for
removal. That's a pretty strong indicator by itself.

Adam