Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96443 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 56009 invoked from network); 18 Oct 2016 19:53:27 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Oct 2016 19:53:27 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:41671] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AF/23-40890-4BD76085 for ; Tue, 18 Oct 2016 15:53:26 -0400 Received: (qmail 34210 invoked by uid 89); 18 Oct 2016 19:53:20 -0000 Received: from unknown (HELO mail-qk0-f169.google.com) (yohgaki@ohgaki.net@209.85.220.169) by 0 with ESMTPA; 18 Oct 2016 19:53:20 -0000 Received: by mail-qk0-f169.google.com with SMTP id n189so6117575qke.0 for ; Tue, 18 Oct 2016 12:53:20 -0700 (PDT) X-Gm-Message-State: AA6/9RkMXwC5GtqJW+Mh2/qatUtZFeO/MSo0HXeV9pl3gSHPCg+zSlCDACOvOeAD6oYZ5J6Jbcye0eIyIHs97g== X-Received: by 10.55.114.131 with SMTP id n125mr2334230qkc.17.1476820394043; Tue, 18 Oct 2016 12:53:14 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.84.168 with HTTP; Tue, 18 Oct 2016 12:52:33 -0700 (PDT) In-Reply-To: <070001d2295e$76b7d730$64278590$@belski.net> References: <070001d2295e$76b7d730$64278590$@belski.net> Date: Wed, 19 Oct 2016 04:52:33 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Anatol Belski Cc: Joe Watkins , Niklas Keller , Leigh , PHP Internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Anatol, On Wed, Oct 19, 2016 at 1:41 AM, Anatol Belski wrot= e: > AFM the patch is not acceptable for 7.0. It is true that some place was m= oved to the new random int functionality (in password AFAIR). But, it is do= ne at the place and the way that a BC breach is unlikely. Using the throwin= g variant is for sure a BC breach, but also the way pushing while being exp= licitly asked to go through an RFC, is inappropriate. As the new random_* f= unctions are available and allow to implement the best possible uniqueness = in user land, changing the algorithm of the existing uniqid() doesn't look = to have a valid base. > Any additional error could be BC. It's the fact. However, your sentence does not make sense at all. Do we revert any error emitting bug fix? No, not at all. We do add errors as normal bug fix process. Many of them are w/o RFC, even w/o discussion. Example: https://bugs.php.net/bug.php?id=3D73238 This bug fix caused WordPress caused 3 additional E_WARNING displayed that can be remove by php.ini or code fix. Which is important? - uniqid() is not unique - Really broken system that shouldn't be used may emit error "/dev/urandom cannot read discussion" is FUD and irrelevant to this discussion. Issues with user script random_bytes() implementation or like does not apply to uniqid() fix. Anyway, are we going to revert anything emit new errors from now on because it's BC? Are we going to require RFC for this kind of very simple and reasonable fix= ? I hope not. IMHO my discussion is logical. Please consider revert the revert. Otherwise, we cannot fix even simple bugs. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net