Newsgroups: php.internals
Date: Fri, 21 Aug 2015 09:36:57 -0400
To: Scott Arciszewski
Cc: Pierre Joye, Trevor Suarez, Niklas Keller, PHP Internals
Subject: Re: [PHP-DEV] Recap - Core functions throwing exceptions in PHP7
From: ircmaxell@gmail.com (Anthony Ferrara)

On Fri, Aug 21, 2015 at 6:14 AM, Scott Arciszewski wrote:
> On Fri, Aug 21, 2015 at 3:52 AM, Pierre Joye wrote:
>> On Fri, Aug 21, 2015 at 9:38 AM, Scott Arciszewski wrote:
>>> On Wed, Aug 19, 2015 at 11:36 AM, Trevor Suarez wrote:
>>>> Ah, I didn't realize this thread existed. I had just commented on the old
>>>> one, but the point still stands:
>>>>
>>>> PHP 7.0 RC1 was just tagged.
>>>> Shouldn't this be a relatively high priority to fix/decide so we don't end
>>>> up with behavior that can't be fixed until PHP 8.0?
>>>>
>>>> On Mon, Aug 10, 2015 at 6:54 PM Niklas Keller wrote:
>>>>>
>>>>> >
>>>>> > Okay, great, we have people on both sides on this discussion. I hope
>>>>> > nobody minds if I sit this part out.
>>>>> >
>>>>> > What specifics need to be discussed? Should somebody set up a poll? (I
>>>>> > don't know how to do that.)
>>>>>
>>>>>
>>>>> You can find information on how to setup a poll in step 6 here:
>>>>> https://wiki.php.net/rfc/howto
>>>>>
>>>>> Regards, Niklas
>>>
>>> I agree that this should be a relatively high priority. I'm not sure
>>> what the next steps would be. (Aside: I still have a PR I need to
>>> write that I've been holding off on until the fate of PHP 7's CSPRNG
>>> feature is determined.)
>>>
>>> Can we reach some sort of consensus on throw new Exception vs throw new Error?
>>
>> I think the best would be a RFC, not only for the decision itself but
>> also to have a clear view about what will be changed or affected.
>>
>> Cheers,
>> --
>> Pierre
>>
>> @pierrejoye | http://www.libgd.org
>
> Fine, let's do this:
>
> 1. Violate the feature freeze for this exceptional decision.
> 2. One of the folks in the camp that WANTS an RFC and a drawn out
> formal decision-making process opens it with a poll.
> 3. Give me voting karma.
>
> Let's NOT make the CSPRNG feature fail open. That is an absolutely
> terrible idea.

My proposal/stance:

Let's make random_* throw an Exception if it cannot connect to a random
source. And let's have it throw a TypeError if ZPP fails, or Error if
min >= max.

The first two are consistent with existing exceptions. The third (Error
if min>max) is where the contention lies.

I'm suggesting Error as it's consistent with parameter errors in the
sense that the type may be correct, but the value isn't (hence it's the
same kind of error as a parameter error, just a different
sub-classification).

MHO is this is too important of a distinction to simply gloss over.
Having it return false (or null) will be a problem, as nobody will
perform the error checks. And returning $x where `$x == 0` in a security
context could be incredibly bad. As such, I think the security
implications here outweigh nearly all of the other concerns about
consistency and convention.

That's my opinion. I'll be happy to make the changes if a RM gives me
the green light to do so.

Thanks

Anthony
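
The fail-open concern raised in the message above, as an added PHP example that is not part of the original e-mail or of PHP's own source. The helpers `rand_fail_open`, `rand_fail_closed` and `reset_code`, and the `$sourceOk` flag that simulates an unavailable random source, are hypothetical names chosen for illustration.

```php
<?php
// Added illustration; the helpers below are hypothetical, not PHP's implementation.
// $sourceOk simulates whether the OS random source could be opened.

/** Fail-open style: failure is signalled only through the return value. */
function rand_fail_open(int $min, int $max, bool $sourceOk)
{
    if ($min > $max || !$sourceOk) {
        return false;               // the caller must remember to check this
    }
    return random_int($min, $max);
}

/** Fail-closed style, following the proposal in the message above. */
function rand_fail_closed(int $min, int $max, bool $sourceOk): int
{
    if ($min > $max) {
        throw new Error('min must not be greater than max');
    }
    if (!$sourceOk) {
        throw new Exception('could not connect to a random source');
    }
    return random_int($min, $max);
}

/** Typical caller: builds a 6-digit reset code and never checks for failure. */
function reset_code(callable $rng, bool $sourceOk): string
{
    $n = $rng(0, 999999, $sourceOk);
    return str_pad((string) $n, 6, '0', STR_PAD_LEFT);
}

// Fail-open with no random source: false casts to an empty string, so every
// "random" reset code issued during the outage is the same padded zero string.
var_dump(reset_code('rand_fail_open', false));

// The unchecked failure value is also loosely equal to 0, the `$x == 0` case.
var_dump(rand_fail_open(1, 100, false) == 0);

// Fail-closed with no random source: the caller never receives a usable value,
// so the operation stops instead of continuing with a predictable code.
try {
    reset_code('rand_fail_closed', false);
} catch (Exception $e) {
    echo 'refused: ', $e->getMessage(), PHP_EOL;
}
```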