Does adding Argon2 as a possible choice for password_hash() +
password_verify() need an RFC? Or can I just submit a pull request?
It won't be changing the default in 7.1, and IIRC this sort of change
was already agreed upon as part of the original password_hash() RFC.
Scott Arciszewski
Chief Deve
On 01/09/2016 10:03 PM, Stanislav Malyshev wrote:
Hi!
I was not hesitant (or, let's maybe call it "intentionally
procrastinating") to post on this topic because I felt unsafe on this
list or in the general realm of the PHP community; I simply was in no
mood to deal with a mob of self-proclaimed
On Jan 11, 2016 5:22 AM, "Scott Arciszewski" wrote:
>
> On Sun, Jan 10, 2016 at 4:59 PM, Rowan Collins
wrote:
> > On 10/01/2016 21:41, Scott Arciszewski wrote:
> >>
> >> Hi Rowan,
> >>
> >>> >I think what people are suggesting is not that libsodium shouldn't be
> >>> >supported under-the-hood, ju
On Sun, Jan 10, 2016 at 6:56 PM, David Zuelke wrote:
> Can we call that extension "sodium" please without the "lib" prefix?
>
> David
>
>
>> On 07.01.2016, at 08:26, Scott Arciszewski wrote:
>>
>> Hi everyone,
>>
>> I've updated the RFC to make libsodium a core PHP extension in 7.1, to
>> include
Can we call that extension "sodium" please without the "lib" prefix?
David
> On 07.01.2016, at 08:26, Scott Arciszewski wrote:
>
> Hi everyone,
>
> I've updated the RFC to make libsodium a core PHP extension in 7.1, to
> include references to the online documentation.
>
> https://wiki.php.ne
Hi Scott,
On 10/01/2016 22:22, Scott Arciszewski wrote:
And I'm of the opinion that most users need a library that does
everything for them, and power users need a toolkit, and we shouldn't
try to solve both use cases with the same library.
I don't think anyone is arguing against that, they ju
On Sun, Jan 10, 2016 at 4:59 PM, Rowan Collins wrote:
> On 10/01/2016 21:41, Scott Arciszewski wrote:
>>
>> Hi Rowan,
>>
>>> >I think what people are suggesting is not that libsodium shouldn't be
>>> >supported under-the-hood, just that the fact you're using it shouldn't
>>> > be
>>> >exposed to u
On 10/01/2016 21:41, Scott Arciszewski wrote:
Hi Rowan,
>I think what people are suggesting is not that libsodium shouldn't be
>supported under-the-hood, just that the fact you're using it shouldn't be
>exposed to userland.
These are separate concerns. Let's call them Sodium and SimpleSodium.
Hi Scott,
Note: you forgot to copy the list in on your mail. I've not snipped any
of your comments, so others can read them.
On 10/01/2016 20:08, Scott Arciszewski wrote:
Hi Rowan,
(although in that case things will need to be very well documented - as a
non-expert, I would not know when to
On Sun, Jan 10, 2016 at 4:31 PM, Rowan Collins wrote:
> On 07/01/2016 16:11, Scott Arciszewski wrote:
>>
>> I'm personally not going to bother pushing
>> for a pluggable crypto API if the only option is to use OpenSSL and
>> all its legacy cruft.
>
>
> I think what people are suggesting is not tha
On 07/01/2016 16:11, Scott Arciszewski wrote:
I'm personally not going to bother pushing
for a pluggable crypto API if the only option is to use OpenSSL and
all its legacy cruft.
I think what people are suggesting is not that libsodium shouldn't be
supported under-the-hood, just that the fact
Hi!
>> A suggestion from a co-worker who's worried about seeing patterns like:
>>
>> case ($t['token']) {
>> case T_PAAMAYIM_NEKUDOTAYIM:
>> // do something
>>break;
>> case ord(';'):
>> // do something else
>> break;
>> }
What's wrong with this pattern? Looks pretty fine to m
On Tue, Jan 5, 2016 at 11:51 AM, Sara Golemon wrote:
> On Mon, Jan 4, 2016 at 2:56 PM, Sara Golemon wrote:
>> https://wiki.php.net/rfc/token-get-always-tokens
>>
> A suggestion from a co-worker who's worried about seeing patterns like:
>
> case ($t['token']) {
> case T_PAAMAYIM_NEKUDOTAYIM:
>
On 1/10/16, 3:39 PM, "Scott Arciszewski" wrote:
>On Sun, Jan 10, 2016 at 3:18 PM, Tom Worster wrote:
>> On 1/7/16 11:24 AM, Pierre Joye wrote:
>>>
>>> What I do not like too much is the addition of an extension with
>>> (relatively) low level functions for one specific library. It does not
>>> r
On Sun, Jan 10, 2016 at 3:18 PM, Tom Worster wrote:
> On 1/7/16 11:24 AM, Pierre Joye wrote:
>>
>> What I do not like too much is the addition of an extension with
>> (relatively) low level functions for one specific library. It does not
>> really matter how good is this specific library, I simply
On 1/7/16 11:24 AM, Pierre Joye wrote:
What I do not like too much is the addition of an extension with
(relatively) low level functions for one specific library. It does not
really matter how good is this specific library, I simply do not see
such addition as a good strategic move.
I also worr
On 10/01/2016 04:23, Scott Arciszewski wrote:
I'd like to make cryptography drop-dead simple in PHP 7.1 and
thereafter. The simplest thing to do is to provide a simple front-end
API, designed for human usability, that abstracts away the
complexities of cryptography engineering.
I'm absolutely i
> On Jan 9, 2016, at 19:39, Pierre Joye wrote:
>
> On Sun, Jan 10, 2016 at 12:38 AM, Bishop Bettini wrote:
>> On Sat, Jan 9, 2016 at 11:21 AM, Paul M. Jones wrote:
>>>
On Jan 9, 2016, at 09:43, Pierre Joye wrote:
On Jan 9, 2016 10:16 PM, "Paul M. Jones" wrote:
>>
> On Jan 10, 2016, at 11:03, Paul M. Jones wrote:
>
> Hi Anthony,
>
>> On Jan 9, 2016, at 21:48, Anthony Ferrara wrote:
>
> [Regarding supported of the COC as presented]
>
>> We've been trying to discuss logic.
>
> I think "logic" would apply itself to more measurements of observable
> rea
Hi Anthony,
> On Jan 9, 2016, at 21:48, Anthony Ferrara wrote:
[Regarding supported of the COC as presented]
> We've been trying to discuss logic.
I think "logic" would apply itself to more measurements of observable reality.
For example:
- Collect observations and apply some sort of measure
On 10/01/2016 08:58, Yasuo Ohgaki wrote:
- "super_global" rather than "superglobal" to obey CODING_STANDARD.
AFAIK, "superglobal" is consistently spelled as one word throughout the
manual, so that underscore looks very out of place to me.
--
Rowan Collins
[IMSoP]
--
PHP Internals - PHP R
> -Original Message-
> From: Dennis Birkholz [mailto:p...@dennis.birkholz.biz]
> Sent: Sunday, January 10, 2016 3:16 PM
> To: Lester Caine ; internals@lists.php.net
> Subject: Re: [PHP-DEV] Re: Anonymous voting on wiki
>
> Am 10.01.2016 um 11:20 schrieb Lester Caine:
> > The debate on An
Am 10.01.2016 um 11:20 schrieb Lester Caine:
> The debate on Anonymous voting has been voted on already?
>
> From my own point of view, I like to know who supports and who opposes a
> particular RFC simply because I can't vote myself. It helps me to decide
> if I need to look deeper into the RFC o
Edit: never mind - I must have misread somewhere that dropping in 7.2 was a
plan. Sorry for the misunderstanding!
Marco Pivetta
http://twitter.com/Ocramius
http://ocramius.github.com/
On 10 January 2016 at 12:56, Marco Pivetta wrote:
> While I'd love to see mcrypt die, unless we all forgot ho
While I'd love to see mcrypt die, unless we all forgot how semver works,
this isn't how it can be done :-\
If you want to actually drop something, regardless of how bad it is (and I
know mcrypt is bad), then the next major version is where this should
happen.
Note that pushing for an earlier 8.0 is
Hi All.
Am 10.01.16 um 11:20 schrieb Lester Caine:
> On 10/01/16 03:41, Stanislav Malyshev wrote:
> Perhaps then show them once the vote is closed?
>>
>> That's possible.
I do not see how it helps except to... know who voted what. Indeed if
we only show who voted but not
On 10/01/16 03:41, Stanislav Malyshev wrote:
Perhaps then show them once the vote is closed?
>>> >>
>>> >> That's possible.
>> >
>> > I do not see how it helps except to... know who voted what. Indeed if
>> > we only show who voted but not how, that's fine. If not, it makes the
>> > whole thi
On 10/01/16 04:20, Stanislav Malyshev wrote:
>> currently 207 messages long. Out of that 207, the vast majority *FROM
>> > EITHER SIDE* is either rhetoric, hyperbole or pure argument.
> What's wrong with rhetoric and argument? That's how discussion is made.
> Hyperbole, of course, can be toned down
Hi Bishop,
On Sat, Jan 2, 2016 at 6:47 AM, Bishop Bettini wrote:
>
> RFC: https://wiki.php.net/rfc/on_demand_name_mangling
I like the idea overall.
mangle_superglobals()/name() could be php_mangle_super_global()/name()
- "php_" prefix for being explicit it's for PHP, especially mangle_name().
29 matches
Mail list logo
