[PHP-DEV] [RFC] Libsodium (bump)

2016-03-26 Thread Scott Arciszewski
Quick update: https://github.com/jedisct1/libsodium/commit/20bf121fcde3104babede887980be835e07b10dd Looks like libsodium 1.0.9 will be out soon, which means ext/sodium 1.0.3 will follow, and then we can get the RFC fleshed out and ready for voting soon after. (As a reminder from the previous

Re: [PHP-DEV] [RFC] RFC4648 encoding

2016-03-26 Thread Sascha Schumann
> That's something to consider, but please keep in mind a sense of > perspective: Anthony measured a _negligible_ performance hit (5 * 10^-6 > seconds). > > Are there any real-world applications that would suffer tremendously from > this academic slow-down? Yes, but that is a micro-benchmark.

Re: [PHP-DEV] [RFC] RFC4648 encoding

2016-03-26 Thread Scott Arciszewski
On Sat, Mar 26, 2016 at 9:55 PM, Sascha Schumann < sascha.schum...@myrasecurity.com> wrote: > > > PHP already offers bin2hex()/hex2bin() and > base64_encode()/base64_decode(). > > > This covers part, but not all, of RFC 4648. > > > > > > I'd like to extend the coverage to include, at minimum,

Re: [PHP-DEV] [RFC] RFC4648 encoding

2016-03-26 Thread Scott Arciszewski
On Sat, Mar 26, 2016 at 9:38 PM, Stanislav Malyshev wrote: > Hi! > > > PHP already offers bin2hex()/hex2bin() and > base64_encode()/base64_decode(). > > This covers part, but not all, of RFC 4648. > > > > I'd like to extend the coverage to include, at minimum, Base32. > >

Re: [PHP-DEV] [RFC] RFC4648 encoding

2016-03-26 Thread Sascha Schumann
> > PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode(). > > This covers part, but not all, of RFC 4648. > > > > I'd like to extend the coverage to include, at minimum, Base32. > > What's the use case for it? Is anybody using base32 now? I'd have a few times if the

Re: [PHP-DEV] [RFC] RFC4648 encoding

2016-03-26 Thread Stanislav Malyshev
Hi! > PHP already offers bin2hex()/hex2bin() and base64_encode()/base64_decode(). > This covers part, but not all, of RFC 4648. > > I'd like to extend the coverage to include, at minimum, Base32. What's the use case for it? Is anybody using base32 now? > I'd also like to make these functions

Re: [PHP-DEV] RFC about automatic template escaping

2016-03-26 Thread Stanislav Malyshev
Hi! > True, but the difference is that safety is the default instead of > the exception. Every system has an assumption. It's better that This sounds as the major assumption is there's some procedure ("the safety") that allows to render any output safe. This could not be more wrong. Escaping is

[PHP-DEV] Re: [RFC][Discussion] Precise session data management

2016-03-26 Thread Yasuo Ohgaki
Hi, On Thu, Mar 24, 2016 at 11:34 AM, Yasuo Ohgaki wrote: > Since the vote for > https://wiki.php.net/rfc/precise_session_management > is declined 15 vs 11. > https://wiki.php.net/rfc/precise_session_management#vote > > We have to come up with other solutions for > > -