Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:93821 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 18450 invoked from network); 5 Jun 2016 19:33:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jun 2016 19:33:32 -0000 Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.42 as permitted sender) X-PHP-List-Original-Sender: jakub.php@gmail.com X-Host-Fingerprint: 209.85.213.42 mail-vk0-f42.google.com Received: from [209.85.213.42] ([209.85.213.42:36854] helo=mail-vk0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4B/71-09778-B8E74575 for ; Sun, 05 Jun 2016 15:33:31 -0400 Received: by mail-vk0-f42.google.com with SMTP id c66so21711823vkb.3 for ; Sun, 05 Jun 2016 12:33:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=ZGTAhGNVsrR1vzRRkEeJqp6Cs8G2D9jQ0aFJvQJevUs=; b=PjT5PS0M6vad2pHPATfypba3J13/r4Liwza4Uy303n48L669a/V6Vf76ZAqEBctP86 TISGNu/S3Aah/bCxTFFEx5SXQasbKeI7BSdBrW43gjPBsF9mG6xZp6ScAZUKBSmXeUs4 eNmWCcbYADyBqOU7Yc6nFcOXvZUMuJaPrtWwNI6ywePA0LERd/7ch0disHr1Ro/DtjnB AIMNZxQ4x5f6wFhG9oxkWIpozkG8FmYPFXd+gQD6GxETRZDgjR5LI0y+tzcfG4bjxOUJ 9bMHDrypRf6a2olfvML/RinToD3dMU0wq1LW1eIbZGs/uCXkW2UgQSTP1IFa4d//yeMo cZ7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=ZGTAhGNVsrR1vzRRkEeJqp6Cs8G2D9jQ0aFJvQJevUs=; b=GGJNwXIP2Mlb+Axy+1jS6YbUWxIiyvDIEjVmL5RYbeRmWKUSVaKcyeUO1xQWvmwmmA /njxKQ9i5RNB20DZAqGl9cSJ41ZkCF5u3HwDEbbW3PPg76aUQCACeiu4kQln7c8y05/i w4hA+0lPvSqVRJ9mSByvWavWBmRfgnK6fgpoDLIqG8B+Mi+Ow3CqrI0ZhISjYtWSVpx8 015IzAmw7zxzBALbdtAkXWqeqIhhGF5fVJaRU77085R5CzNFF/MiqSAbHQ6oXC9IgcFB VD9OpqLCAO+bxLWN5C/c0VZaVP3r4s/7MCAVaMSBv80ZMy4IDXp25rqhbuVzjTJ59NZ1 awvw== X-Gm-Message-State: ALyK8tJ6mkBeOcDZrxEZHbggdBW9oCLnQofzhBvOFMoGOyyHG7VdHYLrFWqh4H6ihY7aWp/AUKOjCe14xZM+4Q== X-Received: by 10.31.205.70 with SMTP id d67mr6423603vkg.141.1465155208071; Sun, 05 Jun 2016 12:33:28 -0700 (PDT) MIME-Version: 1.0 Sender: jakub.php@gmail.com Received: by 10.31.172.65 with HTTP; Sun, 5 Jun 2016 12:33:27 -0700 (PDT) In-Reply-To: References: <8ebf9e48-62e5-fae5-d234-448be3c1f9d2@fleshgrinder.com> Date: Sun, 5 Jun 2016 20:33:27 +0100 X-Google-Sender-Auth: GnaiilNH1OgTugfH5zwccwOf6TA Message-ID: To: Scott Arciszewski Cc: PHP Internals Content-Type: multipart/alternative; boundary=001a114dd93eb7ceb605348d079a Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion From: bukka@php.net (Jakub Zelenka) --001a114dd93eb7ceb605348d079a Content-Type: text/plain; charset=UTF-8 On Sun, Jun 5, 2016 at 9:35 AM, Scott Arciszewski wrote: > On Sun, Jun 5, 2016 at 4:31 AM, Fleshgrinder wrote: > > On 6/5/2016 10:23 AM, Scott Arciszewski wrote: > >> I'm trying to keep concerns separate. I do want to make the pluggable > >> crypto API happen, but I barely have time for this libsodium RFC and I > >> don't want to conflate the two. (Even worse: I wouldn't want the mere > >> thought of an abstract high-level API to block libsodium from getting > >> accepted.) > >> > >> Instead of /completely redesigning/ the libsodium API, what are some > >> changes that need to be made to alleviate the majority of concerns > >> ("it's not the pluggable crypto API" notwithstanding)? > >> > >> Two things to keep in mind: > >> > >> 1. If it breaks existing code that uses libsodium-php in a nontrivial > >> way, I'm going to resist the change unless it can be proven necessary > >> for the sake of everyone's sanity. > >> 2. If it greatly deviates from the experience of using libsodium in > >> other programming languages (e.g. renaming crypto_box), you no longer > >> have libsodium and thus I will resist it. > >> > >> Getting rid of redundant features (by improving existing ones, not > >> just cutting them!) is fine. Dropping scrypt, etc. is fine. > >> > > > > Keeping sodium as an extension solves all your problems. You can keep > > evolving it in any way you like without having to argue with others. No > > breaking changes, nothing. It can even be used after another API is > > introduced in core. > > All my problems? How do I get non-root users to install it? > I don't really get this point. All main distros have separate packages for the core extensions as well as for PECL extensions. You still need a root access to install the extension and it doesn't matter if it's a core ext or PECL ext. There are lots of extensions that do really well outside the core (e.g. mongo). So why do we really need it in the core? Personally I find libsodiam a nice extension that provides some cool stuff. However I don't see a big benefit of adding that to the core. We already struggle to maintain the current extensions and even if you said that you would maintain it, we should also take into account the fact that it can change and we might end up with another unmaintained ext. Cheers Jakub --001a114dd93eb7ceb605348d079a--