Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:88779
Return-Path: <rowan.collins@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 16621 invoked from network); 13 Oct 2015 14:52:49 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Oct 2015 14:52:49 -0000
Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.181 as permitted sender)
X-PHP-List-Original-Sender: rowan.collins@gmail.com
X-Host-Fingerprint: 209.85.217.181 mail-lb0-f181.google.com  
Received: from [209.85.217.181] ([209.85.217.181:35920] helo=mail-lb0-f181.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C1/02-05441-0CA1D165 for <internals@lists.php.net>; Tue, 13 Oct 2015 10:52:49 -0400
Received: by lbcao8 with SMTP id ao8so23353535lbc.3
        for <internals@lists.php.net>; Tue, 13 Oct 2015 07:52:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-type:content-transfer-encoding;
        bh=AxTOH7heJJ1NTcSrKah+BLjtZ2Cyn7FWZyTIOvXEI2Q=;
        b=NjWX76di9/Ov9cpnHpCHVkCltyw8YUunSBdFyY7ZbK0BJ53l8znewHUluVDbV6rrh8
         5QUUIZuHePX6a9eHpq/Iujpn9KrWaMXU4bv0hhipG2bKQIXTV9PczrK2gTQzj09oAuFc
         Ka4S2X/M2Iz9ZsIqQXVRRcNYS+cUe7bvCowcXUEkWHHXxWRczU3PTYb4PR6b9LJ0aowI
         eyqVfYT23ZroOD+uyx+LZ9pe0u94P3zXxFeSN1DsiYlgHHb7Ro+DSfr9IekMSy71x6Eg
         Ib0ZFLB6moGUoX/i0xH9SVeXuav8WLCR+j6mYlv75KT8Leucv4G2BdhAichkfpqOKVzr
         b6qA==
X-Received: by 10.112.184.137 with SMTP id eu9mr15131089lbc.21.1444747965607;
        Tue, 13 Oct 2015 07:52:45 -0700 (PDT)
Received: from [192.168.0.132] ([93.188.182.58])
        by smtp.googlemail.com with ESMTPSA id oi5sm588316lbb.13.2015.10.13.07.52.44
        for <internals@lists.php.net>
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 13 Oct 2015 07:52:44 -0700 (PDT)
To: internals@lists.php.net
References: <D241C8B9.65E53%fsb@thefsb.org>
Message-ID: <561D1AB4.5000303@gmail.com>
Date: Tue, 13 Oct 2015 15:52:36 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <D241C8B9.65E53%fsb@thefsb.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Port random_bytes to PHP 5
From: rowan.collins@gmail.com (Rowan Collins)

Tom Worster wrote on 13/10/2015 01:29:
> Could we regard random_bytes() as a security patch rather than a new
> feature and therefore port it to PHP 5?

Whether or not it's good for security, it's still a feature - you still 
have to code your application to depend on this feature being present, 
or provide some kind of polyfill.

Adding functions in patch versions is very messy, IMHO, because in 
practice people will be using packaged binaries. Distros like 
Debian/Ubuntu actually roll their own patch releases rather than using 
the official release versions; other distros might simply lag behind; 
applications need to support multiple environments which aren't equally 
up to date, etc.

There may need to be a concerted campaign of "don't be scared to upgrade 
to PHP 7", but ultimately having people want the features in it is a 
Good Thing, and the more you backport, the more you fragment the ecosystem.

Regards,
-- 
Rowan Collins
[IMSoP]