Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90266 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 34045 invoked from network); 7 Jan 2016 16:33:46 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Jan 2016 16:33:46 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.44 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.218.44 mail-oi0-f44.google.com Received: from [209.85.218.44] ([209.85.218.44:35639] helo=mail-oi0-f44.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C2/A2-21405-9639E865 for ; Thu, 07 Jan 2016 11:33:45 -0500 Received: by mail-oi0-f44.google.com with SMTP id l9so289126371oia.2 for ; Thu, 07 Jan 2016 08:33:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OioaAQfAqnlKPJaWQqYSZJOpaBdUpg5IYCJHWOntDBU=; b=OeNn52CEhsOOIFevEfX8BV0Bk8BsxvUioZz5KeGhwkRugPxYm/XZqmcfO/vGyKHp3V o725znYgq50GiO/B53crETbPEdnEH+cuuXWhyEU+SYgsM9k0NRPiYi7eKltol0PXjtPH 5BIByet6p0YSVIBAKKssvq/FG6UtvG4CD63pM5YeRK/Ap1bzCjBKYlg0MUCB3d13FrHo Rl+eom+aeoYURyd5V9uMtIzmRq0MGTiufJ+ZtBv4XZFt+T2TTDZp0ZzVNYICYW7HEctl 7KEpA0YRv0GQYxupfYm4SMObRXI4fC17Ndxsu2y84lWQKn1Fj0tTWdsg+T/tEaa0h+to 37Eg== MIME-Version: 1.0 X-Received: by 10.202.83.74 with SMTP id h71mr73753119oib.115.1452184422993; Thu, 07 Jan 2016 08:33:42 -0800 (PST) Received: by 10.202.64.136 with HTTP; Thu, 7 Jan 2016 08:33:42 -0800 (PST) In-Reply-To: References: Date: Thu, 7 Jan 2016 23:33:42 +0700 Message-ID: To: Anthony Ferrara Cc: Scott Arciszewski , PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC] Libsodium From: pierre.php@gmail.com (Pierre Joye) On Thu, Jan 7, 2016 at 11:30 PM, Anthony Ferrara wrote: > Pierre, > >>> Even if we axe mcrypt and in with a net-gain of 0 extensions, you'd >>> see it as a risk? >> >> Except that we already refused to kill mcrypt, and it is not like I >> did not try to convince us to kill it. > > We decided not to kill it for 7.0. That doesn't mean it got a permanent buy... It is pretty much a 7.x permanent buy, yes. And that's why we pushed hard to kill it before. Unless we consider killing extensions in minor releases a non BC break ;-) >>> Let me state this clearly: I'm personally not going to bother pushing >>> for a pluggable crypto API if the only option is to use OpenSSL and >>> all its legacy cruft. I especially don't have lukewarm feelings >>> towards RSA or ECDSA, which are your only real options with it. >>> >>> I feel that it simply would not be a worthwhile use of my time to do >>> so. If Internals decides "no libsodium" but "yes pluggable crypto >>> API", you'll have to find someone else to spearhead it. >> >> Sorry, my point was not clear. >> >> I do like the concept of a pluggable crypto API. Very much. I said it >> before and I say it again. I love the concept and will do what I can >> to support it :) >> >> What I do not like too much is the addition of an extension with >> (relatively) low level functions for one specific library. It does not >> really matter how good is this specific library, I simply do not see >> such addition as a good strategic move. > > I agree with you in principle, but in this particular case I think > that there's enough justification considering how measurably bad > mcrypt is, and how little some people trust openssl. That leaves no > room in core. So in this case I think it *may* be worth it to add it. If the pluggable API one won't show up before 7.2/3, yes. If we potentially can sort it out for 7.1/2/3, then no. Cheers, -- Pierre @pierrejoye | http://www.libgd.org