Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:93806 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 70535 invoked from network); 5 Jun 2016 08:50:45 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jun 2016 08:50:45 -0000 Authentication-Results: pb1.pair.com smtp.mail=php@fleshgrinder.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=php@fleshgrinder.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain fleshgrinder.com from 77.244.243.84 cause and error) X-PHP-List-Original-Sender: php@fleshgrinder.com X-Host-Fingerprint: 77.244.243.84 mx103.easyname.com Received: from [77.244.243.84] ([77.244.243.84:36695] helo=mx202.easyname.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A0/13-55579-3E7E3575 for ; Sun, 05 Jun 2016 04:50:44 -0400 Received: from cable-81-173-133-15.netcologne.de ([81.173.133.15] helo=[192.168.178.20]) by mx.easyname.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1b9TlY-0004jS-Jh; Sun, 05 Jun 2016 08:50:40 +0000 Reply-To: internals@lists.php.net References: <8ebf9e48-62e5-fae5-d234-448be3c1f9d2@fleshgrinder.com> To: Scott Arciszewski , PHP Internals Message-ID: <0eac40ba-2a45-655e-1078-7d27ac193b01@fleshgrinder.com> Date: Sun, 5 Jun 2016 10:50:33 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="vphK8GtR9uroXikIeDx0uR8cpvgBWU1LC" X-ACL-Warn: X-DNSBL-BARRACUDACENTRAL Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion From: php@fleshgrinder.com (Fleshgrinder) --vphK8GtR9uroXikIeDx0uR8cpvgBWU1LC Content-Type: multipart/mixed; boundary="CdB5GDLm3S6vdAuS3TF3vjAQpVMrVCxTf" From: Fleshgrinder Reply-To: internals@lists.php.net To: Scott Arciszewski , PHP Internals Message-ID: <0eac40ba-2a45-655e-1078-7d27ac193b01@fleshgrinder.com> Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion References: <8ebf9e48-62e5-fae5-d234-448be3c1f9d2@fleshgrinder.com> In-Reply-To: --CdB5GDLm3S6vdAuS3TF3vjAQpVMrVCxTf Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > All my problems? How do I get non-root users to install it? >=20 How is it possible for them to use it now? You mentioned breaking changes for existing library users. ;) :P PHP is not meant to support you extending your user base, no offense! Our goal is to design an effective and easy to use dynamic high level language for web development. On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > That's the pluggable crypto API RFC, which I probably won't be able to > propose until 7.2. Feel free to pick it up if you'd rather advocate > for that. >=20 I already offered you my full support but I doubt that I can do this on my own. I like crypto and I know a few things but this is a really hard topic. Additionally I already said that moving sodium from PECL to core just to have it there is super bad for many reasons. Let's concentrate on the nice API, even if that means that it will not land in core before 7.2. You are effectively introducing more PHP sadness with the proposed API. PHP sadness reminds me, all the OpenSSL and mcrypt crap should be deprecated and removed too once we have better replacements. That should directly be part of the RFC or people will forget and it stays forever. On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > Put yourself in the shoes of, say, a Python developer who uses > libsodium all the time who comes to PHP. If they don't find crypto_box > and crypto_secretbox, they're going to get confused. >=20 It is not readily available in most other language, there are mostly libraries for it. Hence, the Python users are facing this problem every d= ay. https://download.libsodium.org/doc/bindings_for_other_languages/ Everyone who knows crypto know asymmetric and symmetric and they can find them on Wikipedia, whereas a search for "secret box wikipedia" leads us to: https://en.wikipedia.org/wiki/Puzzle_box :P PHP is a higher programming language, we want to make it easy for the beginner and average user. Professionals find their own ways and eventually end up here if they are really unsatisfied. ;) --=20 Richard "Fleshgrinder" Fussenegger --CdB5GDLm3S6vdAuS3TF3vjAQpVMrVCxTf-- --vphK8GtR9uroXikIeDx0uR8cpvgBWU1LC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXU+fdAAoJEOKkKcqFPVVrTMkP/19+szkVMLWJzWeZ9zj07wi3 UK5oJmqmrj2ivpd/PpjjxFt7Df2d/rKKfFWm3YacaM5Wrc+1qvsFDrIBCP+blsVK 8CrrAAfAta3J16dQwOhSciTbXZ53EKuLGsN4qA4rSk0PdU7YfCGBYuVjwxHHy6nB xwrFtRnPfl39W7Jz/R54p5BNepLINbpFhjhrAGD4VTij0hfnL8gVxYmApUQ6lLBT Lyt0XUu7LjA1DdrXq23zyCkmVyTEhKt7ZwI03xka0Qez9H3C/gfyRzXWn5DKyRjO 20l73gIKnOU/oXH6n9Eyh9ibMNt5G6M3RlmYWOLHAn6W/z+dCesUS4ci4f66AcqE K06Admr2YiVCjsRjZ6yIThIFSHdxMWvDr66PFQRmsp/OaUzaCaU5+JJk9OOzQTp2 bfyAEl2bUxwWdk8WVYkRczjhgRADZc9up1IpABoSki7p+AuA1fRzHGVD/AXLbWds y9LxNdx8gqYnAtj0UjJvEH+OShyJWF4kDRUfVTlF+vT9B0a+sJg73HymKAnvL9th XE26OCwX1XqerePfI4EQ5C1m4gVPPMgfl+zbCJaMnI4bTEhMqknG5QNMUuUc5lq9 LVadFAgNH/C/Rayk4a55FX8uIfMhc0xG6+N0fvAbOT+I+CPqAXvnv2jvQqHSypk0 dnnY4VRGKZhgfB56hz96 =2PVT -----END PGP SIGNATURE----- --vphK8GtR9uroXikIeDx0uR8cpvgBWU1LC--