> -----Original Message-----
> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
> Sent: Tuesday, October 18, 2016 2:03 PM
> To: Joe Watkins <pthre...@pthreads.org>
> Cc: Niklas Keller <m...@kelunik.com>; Leigh <lei...@gmail.com>; PHP Internals
> Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness
> Hi Joe,
> On Tue, Oct 18, 2016 at 8:30 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> > On Tue, Oct 18, 2016 at 7:32 PM, Joe Watkins <pthre...@pthreads.org>
> >>> This change should go through the standard RFC process and should be
> >>> targeted at 7.2+ (master) *only*.
> >>> Please check with the RMs before merging functionality changes into
> >>> release branches. All functionality changes need consent and
> >>> consensus. Bug fixes (that don't change functionality or break BC)
> >>> do not.
> >> You were told very specifically that the kinds of changes you
> >> proposed here require an RFC.
> > This comment is for original proposal that _changes_ output format, isn't
> > it?
> > It simply switches entropy source which we already relied on.
> As you can see from last minutes discussion.
> "/dev/urandom cannot be read" is FUD.
> It's pure bug fix. (I intentionally made patch easy to extend used chars,
> Would you consider revert the revert?
AFM the patch is not acceptable for 7.0. It is true that some place was moved
to the new random int functionality (in password AFAIR). But, it is done at the
place and the way that a BC breach is unlikely. Using the throwing variant is
for sure a BC breach, but also the way pushing while being explicitly asked to
go through an RFC, is inappropriate. As the new random_* functions are
available and allow to implement the best possible uniqueness in user land,
changing the algorithm of the existing uniqid() doesn't look to have a valid
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php