On Tue, Mar 22, 2016 at 7:09 PM, Scott Arciszewski <sc...@paragonie.com> wrote:
> On Tue, Mar 22, 2016 at 1:41 PM, Ferenc Kovacs <tyr...@gmail.com> wrote: > >> >> >> On Tue, Mar 22, 2016 at 6:00 PM, Scott Arciszewski <sc...@paragonie.com> >> wrote: >> >>> Hi all, >>> >>> https://wiki.php.net/rfc/mcrypt-viking-funeral >>> >>> The tally of closing (2016-03-22T17:00:00) is 23 Yes, 6 No. This is a >>> 79.3% >>> favorable response, which exceeds the 2/3 majority by a significant >>> margin. >>> >>> Thanks to everyone who voted or participated in this discussion. >>> >>> I've heard and respect some of the objections raised by folks who voted >>> No, >>> but moving this liability out of the core into PECL as soon as possible >>> is >>> not only a good move for the security of PHP applications, but now we >>> know >>> it's the choice the community wants. >>> >>> As promised, I'll get the E_DEPRECATED patch written soon. >>> >>> Additionally, I will have a decrypt-only mcrypt polyfill project written >>> hopefully before 7.1.0-alpha but definitely before 7.1.0. This will allow >>> people to migrate towards something better, e.g. >>> openssl_encrypt()/openssl_decrypt(). >>> >>> Scott Arciszewski >>> Chief Development Officer >>> Paragon Initiative Enterprises <https://paragonie.com> >>> >> >> You ignored the voting process and my headsup mail about it, and also >> ignored most of the feedback from the replies. >> >> >> -- >> Ferenc Kovács >> @Tyr43l - http://tyrael.hu >> > > Let's go line by line, then? > > 1. Email internals@lists.php.net to measure reaction to your intended > proposal. > > 2. Get wiki RFC karma > > Already had that. > > 3. Create the RFC > > Yes, obviously, I did that. :) > > 4. When your RFC is ready for discussion: > > * Change the status of your RFC page to “Under Discussion” > > Check. > > * Change its section on https://wiki.php.net/RFC to “Under Discussion” > > Totally fair to cry foul on this one; I did not do this. I wasn't aware of > this step, otherwise I would have. > * Send email to internals@lists.php.net introducing your RFC. > > I did this two months ago. > As I mentioned in my mail in the voting thread I couldn't find any email from you to the list with the link to the rfc, still waiting for your reply to show me that mail. > > 5. Listen to the feedback, and try to answer/resolve all questions. > > There were no substantial questions that needed to be addressed/resolved. > People expressed concerns, but if we blocked every RFC because someome has > a concern that doesn't form a substantive question, would we ever get > anything done? > It was brought up that the rfc should be clear about what it is targeting, voting shouldn't happen without an explicit target version, as we have different rules and expectations for a minor than a major version. For the record our release process rfc sucks a bit in this regard( https://wiki.php.net/rfc/releaseprocess), because it states that BC breaks shouldn't happen in a minor version, but it explicitly allows moving exts from core to pecl even though that this could cause userland impact (for example ext is moved to pecl then some internal API is changed in the core (which can also happen in a minor version) and the pecl extension doesn't receive an update so pecl install won't work out of the box). This means that technically you can target both 7.2 or 8.0 with your rfc for moving mcrypt to pecl but people would vote differently depending of what version do you pick for the rfc to target. > > 6. When discussion ends, and a minimum period of two weeks has passed > since you mailed internals@lists.php.net in step 4, then you can move > your RFC to “Voting” status. > > Two months >= two weeks. > see above, nobody seen your rfc page or commented on it before you linked it from your voting thread. Heck, as far as I can tell, it wasn't even listed on https://wiki.php.net/rfc before you put it up for voting. For the record I would probably vote yes for this proposal regardless of your answers on the feedback, I just want to have the process followed properly. -- Ferenc Kovács @Tyr43l - http://tyrael.hu
