> > > Scott, what exactly were you thinking of?
My intention was simply to address the representatives for all of the major PHP frameworks and libraries at a place they all congregate rather than attempt to enumerate them and contact them individually with specific recommendations. I don't have anything resembling action plan in mind. The original post was the action. I'm really not interested in carrying this further into the realms of policy or standardization. Everyone is of course free to write their own crypto. In other words: that is something you can do; but should you? Personally speaking, I find it a bit concerning that the reflexive response to my post was the consideration of "Should we make this a rule?" Some of the most stable structures in nature are an emergent property from chaotic systems. We don't always need more rules. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com> On Sun, Jul 31, 2016 at 1:20 PM, Larry Garfield <la...@garfieldtech.com> wrote: > That's an over-simplification of FIG's scope and activity. PSR 1, 2, and > 12 don't really have "one interface, many implementations", but that's > because it wouldn't make sense in that problem space. PSRs 9 and 10 likely > won't, either. > > That said, I'm not sure what exactly would fit here as a PSR. The > proposal seems to boil down to "don't roll your own crypto!", which I > heartily support and endorse as a policy, but is a bit thin for a PSR. > "Only use these libraries" would be out of scope, as we don't endorse > specific libraries we don't maintain (and we don't maintain much in the way > of libraries, by choice). Beyond being an extra section in PSR-9/10 > somewhere, I'm not sure how this would fit into FIG's model. > > > Scott, what exactly were you thinking of? > > --Larry Garfield > > On 07/31/2016 08:46 AM, 'Alexander Makarov' via PHP Framework > Interoperability Group wrote: > > FIG always focused on interoperability i.e. multiple implementations, same > interface. What Scott proposed makes sense but doesn't fit into "multiple > implementations". > > On Sunday, July 31, 2016 at 1:10:01 PM UTC+3, Alessandro Lai wrote: >> >> Why should it be out of scope? A PSR is a reccomandation, and advocating >> this kind of security best practice is a good thing here. > > -- > > -- > You received this message because you are subscribed to a topic in the > Google Groups "PHP Framework Interoperability Group" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/php-fig/oQVs1WjJ3UQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > php-fig+unsubscr...@googlegroups.com. > To post to this group, send email to php-fig@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/php-fig/694325b8-a91d-dc44-2291-85381add8f9b%40garfieldtech.com > <https://groups.google.com/d/msgid/php-fig/694325b8-a91d-dc44-2291-85381add8f9b%40garfieldtech.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscr...@googlegroups.com. To post to this group, send email to php-fig@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CAKws9z1NS05ATGcEj%3D5T0ArR%2BTq94OmCbkgueTkRaGgBmd8xfQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
