On Thu, Apr 10, 2025, at 1:53 PM, Bob Weinand wrote:

>> I'd rather see the value in `php.ini-production` being changed to
>> `Off` to match the built-in default. See
>> https://github.com/php/php-src/pull/18215#issuecomment-2768618516
>
>
> Full agreement with Tim here - make PHP friendly to development.
>
> There are only a few places where secrets would be actually relevant, and
> those can be covered by #[SensitiveParameter].

I tend to agree as well.  #[SensitiveParameter] is the better solution in the 
95% case.  If there are libraries still not using it (as the RFC suggests), 
those should have bugs (or preferably patches) filed against them.

The great thing about attributes is they're intrinsically backward compatible, 
so there's no meaningful cost to adding/patching liberally.

--Larry Garfield
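
What the attribute does to a stack trace when arguments are collected, as an added example that is not part of the original message or of php-src. It assumes PHP 8.2 or later and that the `php.ini-production` value discussed in the thread is `zend.exception_ignore_args`; the function names and credential values are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: the thread's php.ini-production value is zend.exception_ignore_args.
// "0" (Off) is the built-in default and keeps call arguments in stack traces.
ini_set('zend.exception_ignore_args', '0');

// Hypothetical library function; only the secret-bearing parameter is marked.
function openConnection(
    string $user,
    #[\SensitiveParameter] string $password,
): never {
    throw new RuntimeException("login failed for {$user}");
}

// Render the innermost frame's arguments the way a log handler might.
function describeFrameArgs(Throwable $e): array
{
    $out = [];
    foreach ($e->getTrace()[0]['args'] ?? [] as $i => $arg) {
        // Marked parameters arrive wrapped in SensitiveParameterValue,
        // so the raw secret never reaches the rendered trace.
        $out[$i] = $arg instanceof SensitiveParameterValue
            ? '[redacted: SensitiveParameterValue]'
            : var_export($arg, true);
    }
    return $out;
}

try {
    openConnection('app_user', 'constructed-secret');
} catch (RuntimeException $e) {
    // The unmarked argument stays visible for debugging; the marked one is wrapped.
    print_r(describeFrameArgs($e));
    // The string form of the trace names the wrapper object in place of the password.
    echo $e->getTraceAsString(), PHP_EOL;
}
```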
