mcrypt extermination plan

8 years ago by Scott Arciszewski — view source

unread

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com

8 years ago by Remi Collet — view source

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 07/01/2016 17:54, Scott Arciszewski a écrit :

All,

I propose the following timeline to give ext/mcrypt the viking
funeral it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED PHP 8.0 - remove
ext/mcrypt, only make it available through PECL

Big +1.

We need to solve this chicken and eggs issue.
People use it because it exists.
It still exists because people still use it.

Remi.

There will be no compatibility layer in this proposal, but if
someone wants to build one that sits atop openssl, feel free to do
that separately.

Scott Arciszewski Chief Development Officer Paragon Initiative
Enterprises https://paragonie.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlaOmT8ACgkQYUppBSnxahjk4wCg7mbjccTdPu4Z3G8cfTp8/H+k
ercAn3YDLTsCl06+a6N6W5ORT70hGEK3
=mt8x
-----END PGP SIGNATURE

8 years ago by Lior Kaplan — view source

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 07/01/2016 17:54, Scott Arciszewski a écrit :

All,

I propose the following timeline to give ext/mcrypt the viking
funeral it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED PHP 8.0 - remove
ext/mcrypt, only make it available through PECL

Big +1.

We need to solve this chicken and eggs issue.
People use it because it exists.
It still exists because people still use it.

Why not move it to pecl as part on 7.1 ?

Kaplan

8 years ago by Scott Arciszewski — view source

unread

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 07/01/2016 17:54, Scott Arciszewski a écrit :

All,

I propose the following timeline to give ext/mcrypt the viking
funeral it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED PHP 8.0 - remove
ext/mcrypt, only make it available through PECL

Big +1.

We need to solve this chicken and eggs issue.
People use it because it exists.
It still exists because people still use it.

Why not move it to pecl as part on 7.1 ?

Kaplan

I'd love that, personally.

Another idea might be E_DEPRECATED in 7.1 and PECL-only in 7.1+1
(whether that's 7.2 or 8.0).

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com

8 years ago by Pierre Joye — view source

unread

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Sounds good to me :)

8 years ago by Marco Pivetta — view source

unread

While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is not a problem either.

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Sounds good to me :)

8 years ago by Marco Pivetta — view source

unread

Edit: never mind - I must have misread somewhere that dropping in 7.2 was a
plan. Sorry for the misunderstanding!

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is not a problem either.

Marco Pivetta

http://twitter.com/Ocramius

http://ocramius.github.com/

All,

I propose the following timeline to give ext/mcrypt the viking funeral
it deserves:

PHP 7.1 - all mcrypt functions raise E_DEPRECATED
PHP 8.0 - remove ext/mcrypt, only make it available through PECL

There will be no compatibility layer in this proposal, but if someone
wants to build one that sits atop openssl, feel free to do that
separately.

Sounds good to me :)

8 years ago by Ferenc Kovacs — view source

unread

jan. 10. 12:57 ezt írta ("Marco Pivetta" ocramius@gmail.com):

While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is not a problem either.

For the record our release process (https://wiki.php.net/rfc/releaseprocess)
explicitly states that extension support can be ended/moved to pecl in a
minor version.