At 16:21 17-08-01, Cynic wrote:
>I vote for E_ALL as default in 4.1. NB I thought it was agreed
>that the same code will be released as 4.0.7 and 4.1.0 with the
>difference being php.ini settings. Was it a misperception on my
>part?
Defaults and ini settings (the binary will also reflect the new default
php.ini settings).
The reasons I'm not sure about whether E_NOTICE should be in or not:
- The consequences of turning it on are extremely far reaching - it
requires you to go over each and every line of your code, until the very
last one, and check it, on the logical level (i.e., try to think about
every possible path of execution).
- It's almost always harmless, especially after we change the default value
of register_globals to off.
I'm very non decisive about my opinion on this one. I know that in 1997
when these warnings were added to the language in the first place, they
were E_WARNING's. Rasmus and others said that these warnings were too
excessive, and introduced the NOTICE (or STRICT as it was called back then)
error level, which was off by default, basically telling people it's ok to
write code that way. This happened about 4 years ago, at the early days of
PHP 3.0. Weighting the gain (it's there, but it's not overwhelming) and
weighting the mess (it's there alright :), it very difficult to come up
with a firm decision.
I consider E_NOTICE as a basic element of good programming
practices. Unlike register_globals, which simply begs for security bugs to
occur, though, E_NOTICE is more of an application-level, code-cleanliness
kind of suggestion. That's why I think that adding it to the
php.ini-recommended is a good first step.
While we're at it, I think that we should also take another recommendation
from the advisory that brought this mess upon us - and turn URL fopens off
by default.
Zeev
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
