Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94446
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 9569 invoked from network); 9 Jul 2016 09:16:10 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Jul 2016 09:16:10 -0000
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.15.15 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.15.15 mout.gmx.net  
Received: from [212.227.15.15] ([212.227.15.15:52338] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6F/0B-18622-9D0C0875 for <internals@lists.php.net>; Sat, 09 Jul 2016 05:16:10 -0400
Received: from [192.168.2.103] ([217.82.227.154]) by mail.gmx.com (mrgmx002)
 with ESMTPSA (Nemesis) id 0Lbd9v-1ayLWf07Eh-00lHHe; Sat, 09 Jul 2016 11:16:06
 +0200
To: Leigh <leight@gmail.com>, Pierre Joye <pierre.php@gmail.com>
References: <CAPwsocEihGOWC5_KX_FFe36dKTdSob0FFJUKuQW+u53QyeqgsQ@mail.gmail.com>
 <CAEZPtU7AzLGbFh+=bvJNA+HScLVuKsUuF9iUEhACL6xv7VRZ-w@mail.gmail.com>
 <CAPwsocF0Zty7Kp1FZHYA2h+Y+eJvypj9nt1OPa8fdEZdiqR8vw@mail.gmail.com>
 <CAEZPtU48mLGqVVh4sDguto4Vx9Kj+ec=ViTUWXOr-UXCgSt2KA@mail.gmail.com>
 <CAEZPtU6XUGM4BfQ5g+huV_=rrVPfFtpmSO+3CzTcXPC20+x2=g@mail.gmail.com>
 <CAPwsocE5v7mGt3frjoPeFyt6sWtvkjWb=zcPUhFuRLA8fXLY2g@mail.gmail.com>
Cc: PHP internals <internals@lists.php.net>
Message-ID: <b5e33d93-c815-5d45-4e71-f6fa3270004f@gmx.de>
Date: Sat, 9 Jul 2016 11:16:11 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAPwsocE5v7mGt3frjoPeFyt6sWtvkjWb=zcPUhFuRLA8fXLY2g@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:00HEgiDeK8MGJxnrmQKfe3X+6MgUUyqpmMso0HmsKcO+iUQ5Xis
 LSEN5MIXQxFHCjvoZRAfI8baNMZyNaLprMxSrs2Dy8TVxPODILy7debpeJmvP1hB5Ayo+I7
 u5yL5Qq861fU2lDvxPp2XhtDm5ykKM5yTf4+P/lh9dT8uAQRboCAniTsJWCf+DgLtFPS2k4
 9hYsr4uf+SwDpyK8FC+4w==
X-UI-Out-Filterresults: notjunk:1;V01:K0:qeLYjbUv9eU=:i2X6mzfvoSOG0Ma1nSS/X5
 +2r1IxVKaxYBl6vY+/uetloqN4PADfpw5fnDktHY9KJ/uLLUcPCoTiEw7+N83AWBwsh/NFlVl
 2kBEWAW5e9QR1McBPoqVmJU5w5ScPij6EYB3LpWSz/0FKpaCVnZyohLT9sxzCqL8OqMcq1BZQ
 oU20hUQPZeq2IQcjtVTg0FrffnahXEj9A7xfoNp+8DboQkfqlDnuJjUR2DXKdWjPNKuzUnuIB
 lzQPWpAx6GqGlwAT5nORBB0la2O409ucq+k2C0HEXSfTUo8sk4ZIx9TzvUiyERSHBfOATKXu2
 SaYLZiH3+TwYjtlWdUA85r/3NAoxLAwFoKkdjUfRFEQZFWWOv2JJdQa/EpWsIpt+orvWwHj9Q
 hdxD+ZJU0HZRjUyzUTbltdgVZy0cNo5SsxO6BdyM3T2oDPC5sRvelzVhJEXeZ1ULg1rGRyR0A
 Vu2reiRcOo2bauvJ3V27lfvulfwnsOy8GreEh/D4zOT7bI4vvhE7aimGpTnc61ABiVioD6dGA
 jrf67ebHT6gIFU7aZ4zCSr80V/DcxbwiK/yYORwO9iR95i8lpytGWmbmDL5kUEvO0Rh/PjX4A
 T+zPXG8c1zcAb5rg9bWzdbj57/U+rznQMe1xTiiUWPB4XHl1ga1klryCT1umrR4lfxShg+EpQ
 C+1rIuisxNdcoOtmnfrrX4xO7YpwSX72FJC1RP6rDLM7M1hfyTWVOIFxLEBKKNJqFw059Eb2s
 JBgUaEwexUaXJUE2aKhONHcK5JUg5Rl1sxtikPvo0F1dJWEQYxodkES7RVrT51iakssvaLLQg
 pshd/5q
Subject: Re: [PHP-DEV] [RFC][VOTE] RNG fixes
From: cmbecker69@gmx.de (Christoph Becker)

On 09.07.2016 at 10:18, Leigh wrote:

> On Sat, 9 Jul 2016 at 08:48 Pierre Joye <pierre.php@gmail.com> wrote:
> 
>> So, I voted no then as it is clear that you do not see a problem to
>> break codes without a single warning or time to adapt before.
>>
>> The other sections are fine and voted yes.
> 
> For the part where you voted no. Still nobody has presented (publicly
> available) source that makes legitimate use of mt_srand (yes it's mt_srand
> that is "broken" here, not mt_rand) for deterministic streams of random
> numbers. I can only assume by this that almost nobody does. However, for
> those that do, they can still use the old algorithm.
> 
> For all of the other sections where you voted yes, they are mostly bug
> fixes, but all change the output of mt_rand AND more functions (without a
> single warning, like you wanted). I'm not trying to encourage you to change
> any votes, but I need to make sure you understand what you're voting for.

Thanks, Leigh, for the RFC.

In my opinion, all sections except "Alias rand() to mt_rand()" and maybe
"Make array_rand() more efficient" are *bug* *fixes*, and even though
they might cause BC breaks, deploying them with a minor release seems to
be a sensible compromise.

Aliasing rand() to mt_rand() should better be postponed to PHP 8.0 (if
at all).  I'm aware of rand()'s limitations and platform specific
behavior, but I'd prefer to leave the choice to nonetheless use it to
userland (at least for now).  I would suggest to improve the
documentation of rand() wrt. to the note in the description section and
the warning in the notes section (which are mutually contradicting
themselves).

Assuming that "Make array_rand() more efficient" is indeed only about
performance (and not about fixes for the broken implementation), it
wouldn't be a bug fix, but as array_rand()'s behavior would change
anyway as noted by the RFC, it makes sense to do it as well.

-- 
Christoph M. Becker