mcrypt extermination plan

10 years ago by Scott Arciszewski — view source — reply

unread

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com

10 years ago by Remi Collet — view source — reply

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 07/01/2016 17:54, Scott Arciszewski a écrit :

All,

I propose the following timeline to give ext/mcrypt the viking
funeral it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED PHP 8.0 - remove
ext/mcrypt, only make it available through PECL

Big +1.

We need to solve this chicken and eggs issue.
People use it because it exists.
It still exists because people still use it.

Remi.

There will be no compatibility layer in this proposal, but if
someone wants to build one that sits atop openssl, feel free to do
that separately.

Scott Arciszewski Chief Development Officer Paragon Initiative
Enterprises https://paragonie.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlaOmT8ACgkQYUppBSnxahjk4wCg7mbjccTdPu4Z3G8cfTp8/H+k
ercAn3YDLTsCl06+a6N6W5ORT70hGEK3
=mt8x
-----END PGP SIGNATURE

10 years ago by Lior Kaplan — view source — reply

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 07/01/2016 17:54, Scott Arciszewski a écrit :

All,

I propose the following timeline to give ext/mcrypt the viking
funeral it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED PHP 8.0 - remove
ext/mcrypt, only make it available through PECL

Big +1.

We need to solve this chicken and eggs issue.
People use it because it exists.
It still exists because people still use it.

Why not move it to pecl as part on 7.1 ?

Kaplan

10 years ago by Scott Arciszewski — view source — reply

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 07/01/2016 17:54, Scott Arciszewski a écrit :

All,

I propose the following timeline to give ext/mcrypt the viking
funeral it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED PHP 8.0 - remove
ext/mcrypt, only make it available through PECL

Big +1.

We need to solve this chicken and eggs issue.
People use it because it exists.
It still exists because people still use it.

Why not move it to pecl as part on 7.1 ?

Kaplan

I'd love that, personally.

Another idea might be E_DEPRECATED in 7.1 and PECL-only in 7.1+1
(whether that's 7.2 or 8.0).

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com

10 years ago by Pierre Joye — view source — reply

unread

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Sounds good to me :)

10 years ago by Marco Pivetta — view source — reply

unread

While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is not a problem either.

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Sounds good to me :)

10 years ago by Marco Pivetta — view source — reply

unread

Edit: never mind - I must have misread somewhere that dropping in 7.2 was a
plan. Sorry for the misunderstanding!

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is not a problem either.

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Sounds good to me :)

10 years ago by Ferenc Kovacs — view source — reply

unread

jan. 10. 12:57 ezt írta ("Marco Pivetta" ocramius@gmail.com):

While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is not a problem either.

For the record our release process (https://wiki.php.net/rfc/releaseprocess)
explicitly states that extension support can be ended/moved to pecl in a
minor version.