[PHP-DEV] Re: Improve hash_hkdf() parameter

2017-04-13 Thread Jan Ehrhardt 
wout van gils in php.internals (Thu, 13 Apr 2017 15:13:40 +):
>Kan iemand mij eindelijk eens uitschrijven.?

Dat moet je zelf doen:
http://php.net/mailing-lists.php
Onderaan.
-- 
Jan

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: Improve hash_hkdf() parameter

2017-04-13 Thread wout van gils 
Kan iemand mij eindelijk eens uitschrijven.?


??



Van: Pieter Hordijk 
Verzonden: donderdag 13 april 2017 08:11
Aan: Yasuo Ohgaki
CC: Joe Watkins; Andrey Andreev; internals@lists.php.net; php...@lists.php.net
Onderwerp: [PHP-DOC] Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter



- Original Message -
> From: "Yasuo Ohgaki" 
> To: "Joe Watkins" , "Andrey Andreev" 
> Cc: internals@lists.php.net
> Sent: Thursday, April 13, 2017 1:07:19 AM
> Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter

> Hi Joe,
>
> On Wed, Apr 12, 2017 at 7:46 PM, Joe Watkins  wrote:
>
>> This RFC was left open for 5 days past the end of voting as declared on
>> the RFC.
>>
>
> Thank you, I forgot about this.
> IMHO, it's a shame for us we should have inconsistent and insecure function
> signature for a new function.
>
> I'm going to update the manual to add warning notes and example usages
> like advanced CRFS token dedicated for specific URL with expiration time.
>
> I can think of length option only usage, but I cannot think usage that could
> be useful for majority of PHP users like advanced CSRF token.

Is this really something we need in our official docs instead of for example
on a personal blog?

To be honest I am afraid of ending up with something like the current state
of the session docs. Which are imo way too broad / opinionated, non English,
contains utterly confusing examples and / or flat out wrong and broken examples.
Above already resulted in a stream of docs bugs regarding session pages
and a lot of confused readers.

By all means describe how functions work, but don't confuse readers with things
most people won't ever need or are better suited as a (series of) blog posts /
Stack Overflow post(s).

My €0.02

cc-ing docs discussion to get them also involved in case somebody of the docs
team has an opinion.

> Andrey,
>
> Could you give us some length only and length/info only example
> that could be useful for most PHP users.
> It should be safe and recommended usage.
> I suppose you should have some good examples.
>
> Thank you.
>
> --
> Yasuo Ohgaki
> yohg...@ohgaki.net

[PHP-DEV] Re: Improve hash_hkdf() parameter

2017-04-13 Thread wout van gils 
Kan iemand mij eindelijk eens uitschrijven.?