Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94021 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 67892 invoked from network); 15 Jun 2016 17:55:29 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Jun 2016 17:55:29 -0000 Authentication-Results: pb1.pair.com smtp.mail=php@fleshgrinder.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=php@fleshgrinder.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain fleshgrinder.com from 212.232.25.164 cause and error) X-PHP-List-Original-Sender: php@fleshgrinder.com X-Host-Fingerprint: 212.232.25.164 mx208.easyname.com Received: from [212.232.25.164] ([212.232.25.164:47490] helo=mx208.easyname.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 13/84-41914-09691675 for ; Wed, 15 Jun 2016 13:55:28 -0400 Received: from cable-81-173-133-15.netcologne.de ([81.173.133.15] helo=[192.168.178.20]) by mx.easyname.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1bDF2D-0000ZN-49; Wed, 15 Jun 2016 17:55:25 +0000 Reply-To: internals@lists.php.net References: <1ee34970-76f4-e6c6-df1e-a827e3fc592d@fleshgrinder.com> To: Tom Worster , internals@lists.php.net, Christoph Becker , Leigh , Jordi Boggiano , Pierre Joye , Yasuo Ohgaki Message-ID: <25bb59bb-d9ac-5ab3-f0bb-d80e6b3fe745@fleshgrinder.com> Date: Wed, 15 Jun 2016 19:55:12 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="cFBpUL9i6U8KPdif2UVLoo0qw0MgQ3mt9" X-ACL-Warn: X-DNSBL-BARRACUDACENTRAL Subject: Re: [PHP-DEV] [RFC] RNG fixes From: php@fleshgrinder.com (Fleshgrinder) --cFBpUL9i6U8KPdif2UVLoo0qw0MgQ3mt9 Content-Type: multipart/mixed; boundary="VjsU5nrKFcAt2KgWBhQogLLpjWA7vEnng" From: Fleshgrinder Reply-To: internals@lists.php.net To: Tom Worster , internals@lists.php.net, Christoph Becker , Leigh , Jordi Boggiano , Pierre Joye , Yasuo Ohgaki Message-ID: <25bb59bb-d9ac-5ab3-f0bb-d80e6b3fe745@fleshgrinder.com> Subject: Re: [PHP-DEV] [RFC] RNG fixes References: <1ee34970-76f4-e6c6-df1e-a827e3fc592d@fleshgrinder.com> In-Reply-To: --VjsU5nrKFcAt2KgWBhQogLLpjWA7vEnng Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 6/15/2016 1:30 AM, Tom Worster wrote: > On 6/14/16 3:12 PM, Fleshgrinder wrote: >=20 >> Call me ignorant but is this required in typical web applications? >=20 > PHP is used for various things, not just web apps. I use it for various= > other things because its the language in which I am most fluent. >=20 > PHP is and should remain: a pragmatic web-focused language > > --- Rasmus Lerdorf Please do not ignore our mission statement here. PHP is not a general purpose language and even real general purpose languages do not offer predictable RNGs. On 6/15/2016 1:30 AM, Tom Worster wrote: > And the requirements of *typical* apps using PHP should not be the basi= s > for removing functions that are in fact used in existing programs. >=20 Moving to PECL is not considered a BC and people are easily able to get the functions back in if they really need to. On 6/15/2016 1:30 AM, Tom Worster wrote: > It's possible to change programs so they don't use mt_rand() etc. but > most people won't thank you for forcing them to rewrite software that > works. >=20 The applications and libraries who are using it incorrectly right now will thank us for making it harder to use the language incorrectly. On 6/15/2016 1:30 AM, Tom Worster wrote: > Leigh, iiuc, is trying to fix bugs. Let's not change the discussion to > cleaning up PHP's API. >=20 This is not what my proposal is about. I would move all the broken and weak stuff to PECL and offer the already existing good alternatives to the developers. At the same time we are able to fix the problems in the PECL modules and release a new major version of those packages. We do not need to fix password_hash() nor random_int() since they work and they are what is needed in a web-focused language. --=20 Richard "Fleshgrinder" Fussenegger --VjsU5nrKFcAt2KgWBhQogLLpjWA7vEnng-- --cFBpUL9i6U8KPdif2UVLoo0qw0MgQ3mt9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXYZaDAAoJEOKkKcqFPVVrU4EP/0lbWf6eZUVmzEfUuacqQYjN uXmSRvg0vjnL271PA4Ll6RcliYnAe8Y8mNSn1e8YI5elSKB61aNrRKmd1zNaC2+r LIf+egPPZj5t7KMyMmy1xDxeii4LdPrRk1rkdA/d/8Bjs7HEH255xiItQARX+9kM wnXaZ3uKd+uF1mJnGtWFGV1X1kLwx5l0jtt3JJpyF+WLOtuAP/R7huAXBbTDjxU3 95iaqFkc+p0CE0Bi+U2iyDd7JVA835u7h4pQEbghpKa+1buH0IcfU17ap2AXY4fm vWMPm845vzfR6n1opzsy/S7CFDqledW3D66bYOP8M2xHTOMk3ombKNABsJnxwMHe qnTg/fa5gQJ5gEIT49mmsVHwIcZxJ0nV3aAbNyIwrVQAb50vOGdilNc6xS3vSWUA XESjhFGS2bU11YBrQFLrmaqHEyWk1XOohFvOeEB5dJ2Wi25mvQIttYLWC/PmWE3z tbWejj58sXW2ex4HP/M/p1h1jpyf2T7tFFdf6xflgy8oa7fIHvgfNy6XbG6rXYwA BfwGv2C0YUzsJT0xea71X9mu5xgXBQahOmIOUMKK60QaNVkoP9cyOI1Gjj4x6GQl CimO5mDvRYC1KjC3dlPiVsLlDzWiNV52u4hL3Pym7ypnzyWCRwHvynaC/Aw4RftY vcq5in5rMx3DO/l8/k24 =lf81 -----END PGP SIGNATURE----- --cFBpUL9i6U8KPdif2UVLoo0qw0MgQ3mt9--