Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94448
Return-Path: <cmbecker69@gmx.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12469 invoked from network); 9 Jul 2016 09:24:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Jul 2016 09:24:54 -0000
Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.15.19 as permitted sender)
X-PHP-List-Original-Sender: cmbecker69@gmx.de
X-Host-Fingerprint: 212.227.15.19 mout.gmx.net  
Received: from [212.227.15.19] ([212.227.15.19:64171] helo=mout.gmx.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3B/BB-18622-5E2C0875 for <internals@lists.php.net>; Sat, 09 Jul 2016 05:24:53 -0400
Received: from [192.168.2.103] ([217.82.227.154]) by mail.gmx.com (mrgmx002)
 with ESMTPSA (Nemesis) id 0MV5tl-1buBOm1Dkj-00YQv8; Sat, 09 Jul 2016 11:24:49
 +0200
To: Pierre Joye <pierre.php@gmail.com>, Leigh <leight@gmail.com>
References: <CAPwsocEihGOWC5_KX_FFe36dKTdSob0FFJUKuQW+u53QyeqgsQ@mail.gmail.com>
 <CAEZPtU7AzLGbFh+=bvJNA+HScLVuKsUuF9iUEhACL6xv7VRZ-w@mail.gmail.com>
 <CAPwsocF0Zty7Kp1FZHYA2h+Y+eJvypj9nt1OPa8fdEZdiqR8vw@mail.gmail.com>
 <CAEZPtU48mLGqVVh4sDguto4Vx9Kj+ec=ViTUWXOr-UXCgSt2KA@mail.gmail.com>
 <CAEZPtU6XUGM4BfQ5g+huV_=rrVPfFtpmSO+3CzTcXPC20+x2=g@mail.gmail.com>
 <CAPwsocE5v7mGt3frjoPeFyt6sWtvkjWb=zcPUhFuRLA8fXLY2g@mail.gmail.com>
 <CAEZPtU7e2rvvHtNb3mC3qNT7ZY6djFX3sJ-Wo7rQLDDiRw5Y=w@mail.gmail.com>
Cc: PHP internals <internals@lists.php.net>
Message-ID: <adb07255-3d37-0ca5-b9e7-0efd27b25d7a@gmx.de>
Date: Sat, 9 Jul 2016 11:24:55 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAEZPtU7e2rvvHtNb3mC3qNT7ZY6djFX3sJ-Wo7rQLDDiRw5Y=w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:/Y8pDF9bIsdlvD3XfPMnRBUBN20v2p6y1pT8heoL2dWZfBhvuYZ
 gu7n4Aga4YHkhr3HHWNunIjmK+N3qOPKgdVG4uJzzfwKZPxiPrxOQl4fWk31vpNRj1B5cAr
 xPxpopwrB4iFi+KFeg++nAYu+vRTngPiFQ+CRuXUL89aalmjpuAwGGQjQeO3kJxFXMcZP0j
 mp8Du3JW+gDoZNwMG+Spw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:Dc4NTdPwwwE=:rW9LKhWt8V4hUAMnFWykUa
 UZZXDvapXNSQCCihN3KOuf3DiYFO5d5L9NXuM7pwbwEcv3RaSFWS+y03IvdZBa1XT/WeNzaUp
 czOFR6NnMLL1+/DloG6qJghSA77r7VzqDtVUpZjSBHK5ceQsIzUW99tCLAiXTQxPjM5zVhk1T
 wG2EFis5A93QGQCR6Hp6zle+SA6Zlx6zBKqkJJojTC5tRMpxyE8x3Ku7x173YTKy2kcd3jNCl
 4BDOp1Xj0jafG35d8y0AOj9MMncXFR7gWtm3hpPwN74a69xcZT9PvfgtJG3gzMubocr2s+V7o
 s0TiyaKmUEqB6qefkl8ByCDX+vb/IMa+rkPogBmXmwx3vhUjEkd5BuTkcoDdUGXVEWlcKrW0v
 /OzDKM87FE+sjeRUMoeq+M2MFC9l1p/O8TviNuoa8DJbPy8jkj1oq4rXpAkFlLfh3ueVs1p5b
 JkqkK0oeyq4svP37LE4HiKP+jKuTwotPK5RaCfVewqtwKcc+fQw0Hef9mOgoIxZDlJTjZd3Bz
 EcWRZlzXDW3RoazVzkPNcqMQskFXmHRHd/Tz6IK1wYV/InzZch6n7njKtJUZhqPjwHUflW6ny
 ECj5Zh2CPJ17zzcpv/1jM0B+gQrE0RkvZAUw0ZEBF/ZlDG5N5IqjR0GtsPZjtd57lkYiHDtea
 9UtkBkQig33GDQNPGmVEGAT47xdG5Py1s4DsZ4WekuI74uQSNtjdLgzdCiHrQH8EdJC2fKUKP
 H4l9n2qEwqKNo88f4RDxhDH6dL+oQXb/aklQhbKLI2wD3D3bazdN03wLnvuOjiFUrYIcQtXpX
 RSIPyww
Subject: Re: [PHP-DEV] [RFC][VOTE] RNG fixes
From: cmbecker69@gmx.de (Christoph Becker)

On 09.07.2016 at 10:49, Pierre Joye wrote:

> On Jul 9, 2016 3:19 PM, "Leigh" <leight@gmail.com> wrote:
>>
>> On Sat, 9 Jul 2016 at 08:48 Pierre Joye <pierre.php@gmail.com> wrote:
>>>
>>> So, I voted no then as it is clear that you do not see a problem to
>>> break codes without a single warning or time to adapt before.
>>>
>>> The other sections are fine and voted yes.
>>
>> For the part where you voted no. Still nobody has presented (publicly
>> available) source that makes legitimate use of mt_srand (yes it's mt_srand
>> that is "broken" here, not mt_rand) for deterministic streams of random
>> numbers. I can only assume by this that almost nobody does. However, for
>> those that do, they can still use the old algorithm.
> 
> I am sorry but this PR possibly breaks BC and cases have been clearly
> explained how and why. Asking to show production  code publically is not
> something that you should request.

ACK.  However, it appears to me that it has not been sufficiently
verified that the random distribution of the current mt_rand()
implementation is as good as the original algorithm (apparently, there
are only some demos and quick investigations available).  Therefore
fixing this in a minor version with the option to enforce the old
behavior looks good to me.

-- 
Christoph M. Becker