Re: [PHP-DEV] Re: [RFC] Migrating to GitHub issues

[Stanislav Malyshev]

Hi!

> With Laminas, we use an email alias to allow researchers to report to us.
> We then post the full report as a security issue on GitHub - it's a 
feature

> they rolled out late 2019/early 2020 that restricts visibility to
> maintainers initially, but allows inviting others to collaborate (we 
invite

> the reporter immediately, for instance). It also creates a private branch
> for collaboration. When the patch has been merged, you can mark the issue
> public.
>
> If the plan is to move to GH anyways, this could solve security 
reporting.


Not familiar with it, but on the initial look it seems it could work, 
with one caveat. We have a ton of reports which aren't security issues 
and some which need to be discussed before we are sure which one is that.


We could do it on the list, of course, but that creates the same dangers 
as mentioned before - too easy to lose info in an un-archived ML.

--
Stas Malyshev
smalys...@gmail.com

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Sara Golemon]

On Fri, Nov 19, 2021 at 5:38 AM Rowan Tommins 
wrote:

> Perhaps there should be a section at the end of the 8.1 page saying
> something like "If you're still on PHP 7.x, upgrading gets you all this
> as well!" with the headlines from the 8.0 page, and a link through.
>
>
^^ This.  Maybe even a bread-crumb style navigation to just to "What's new
in X.Y"?  Granted, we only have 8.0 and 8.1 at this point, but it's a nice
tradition to start.

-Sara

Re: [PHP-DEV] Is there an RFC/discussion for ::class being a specific type?

[Stephen Reay]

> On 17 Nov 2021, at 00:22, André Hänsel  wrote:
> 
> It is common (with DI systems for example) and to my knowledge not
> particularly discouraged to have function parameters that are supposed to
> accept something like Foo::class, which currently is a string.
> 
> It seems logical to ask for a special type that can hold class names, so
> that parameters that can accept a class name can be type hinted more
> specifically than just (any) "string".
> 
> Regardless of whether or not such a proposal would be accepted or declined
> (for complexity reasons maybe) I couldn't even find any such proposal. Has
> this really never been asked?
> 
> -- 
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
> 
Hi André,

I’ve wondered about this kind of functionality myself, but IMO to be 
particularly useful it’d need to support the ability to accept a classname that 
is a subtype of a parent class or interface. I can’t think of too many places 
where I’d want to know something is a classname reference, and not also want to 
know that it's a subclass or implementation of something specific.


This typeof functionality could support some very expressive solutions, when 
combined with union types, and anonymous classes. 




Cheers

Stephen 
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] Is there an RFC/discussion for ::class being a specific type?

[Guilliam Xavier]

>
> For example, this is valid:
>>
>> echo "string"::class;
>>
>
> What! Why is it allowed when it gives the same as string::class, and
> $string::class is an error? https://3v4l.org/hfvXm#v8.1rc3
>

Sorry I forgot the namespace... so it really gives the same as "string".
https://3v4l.org/rlZFF#v8.1rc3
Still surprising... maybe possibly useful for dynamically generated code? :/

-- 
Guilliam Xavier

Re: [PHP-DEV] Is there an RFC/discussion for ::class being a specific type?

[Guilliam Xavier]

>
> For example, this is valid:
>
> echo "string"::class;
>

What! Why is it allowed when it gives the same as string::class, and
$string::class is an error? https://3v4l.org/hfvXm#v8.1rc3

-- 
Guilliam Xavier

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Rowan Tommins]

On 19/11/2021 09:38, Giovanni Giacobbi wrote:

Why don't you guys keep the same page for the whole 8.x series? You just
need to drop the ".0" and append at the end (maybe stating what's new from
8.1 specifically). The rationale is that people will be migrating from 7.x
for a long time (hell, I'm still maintaining some legacy 5.x projects), so
it would be nice to have all 8.x major language features in one page. Early
8.0 adopters might be better checking the detailed changelog for 8.1 or
just the regular announcement.



I was thinking the same - a "PHP 7 upgrade" I worked on ended up as a 
jump from 5.6 to 7.4, and I had to trawl through the migration guides to 
remember what interesting features we were getting access to. It would 
have been great to have something that listed the highlights.


Perhaps there should be a section at the end of the 8.1 page saying 
something like "If you're still on PHP 7.x, upgrading gets you all this 
as well!" with the headlines from the 8.0 page, and a link through.


Regards,

--
Rowan Tommins
[IMSoP]

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Giovanni Giacobbi]

On Fri, 19 Nov 2021 at 10:13, Pierre  wrote:

> Le 19/11/2021 à 10:10, Kamil Tekiela a écrit :
> > I would suggest option number 5. Leave it as it is. Many people are still
> > not aware that PHP 8 has been released.
> > If that's not possible, then we should keep the page (opt 3), otherwise
> we
> > will be breaking links to it, e.g. on Stack Overflow.
> > Adding PHP 8.1 alongside would be great, but we already have upgrade
> pages,
> > so I'm not sure the effort is worth it.
> >
> Hello,
>
> I do not agree, PHP 8 release page was really nice (even for me daily
> reading internals) and I think it could be a nice tradition to keep.
>
> 8.1 does bring lots of nice stuff, which deserve a nice presentation.
>
>
Why don't you guys keep the same page for the whole 8.x series? You just
need to drop the ".0" and append at the end (maybe stating what's new from
8.1 specifically). The rationale is that people will be migrating from 7.x
for a long time (hell, I'm still maintaining some legacy 5.x projects), so
it would be nice to have all 8.x major language features in one page. Early
8.0 adopters might be better checking the detailed changelog for 8.1 or
just the regular announcement.

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Pierre]

Le 19/11/2021 à 10:10, Kamil Tekiela a écrit :

I would suggest option number 5. Leave it as it is. Many people are still
not aware that PHP 8 has been released.
If that's not possible, then we should keep the page (opt 3), otherwise we
will be breaking links to it, e.g. on Stack Overflow.
Adding PHP 8.1 alongside would be great, but we already have upgrade pages,
so I'm not sure the effort is worth it.


Hello,

I do not agree, PHP 8 release page was really nice (even for me daily 
reading internals) and I think it could be a nice tradition to keep.


8.1 does bring lots of nice stuff, which deserve a nice presentation.

Regards,

--

Pierre

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Kamil Tekiela]

I would suggest option number 5. Leave it as it is. Many people are still
not aware that PHP 8 has been released.
If that's not possible, then we should keep the page (opt 3), otherwise we
will be breaking links to it, e.g. on Stack Overflow.
Adding PHP 8.1 alongside would be great, but we already have upgrade pages,
so I'm not sure the effort is worth it.

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Sara Golemon]

On Fri, Nov 19, 2021 at 2:35 AM Nikita Popov  wrote:

> On Fri, Nov 19, 2021 at 4:16 AM Sara Golemon  wrote:
>
>> In seven days, https://www.php.net/releases/8.0/en.php is going to be
>> obsolete.
>>
>> Well, that's a harsh term, but it certainly won't reflect the current
>> state
>> on the ground, and we need to decide (should have decided, weeks ago) what
>> we're going to do with it.
>>
>> There's a draft page for the 8.1 announcement here:
> https://github.com/php/web-php/pull/450
>
> So if we want to do an announcement page for 8.1, there's probably not
> that much work left in finishing that draft.
>
>
Ah, of course. Bless Roman's heart.  Yeah, we can get this polished in the
next few days and queue it up on web-php.

-Sara

Re: [PHP-DEV] PHP 8 Release Announcement Page

[Nikita Popov]

On Fri, Nov 19, 2021 at 4:16 AM Sara Golemon  wrote:

> In seven days, https://www.php.net/releases/8.0/en.php is going to be
> obsolete.
>
> Well, that's a harsh term, but it certainly won't reflect the current state
> on the ground, and we need to decide (should have decided, weeks ago) what
> we're going to do with it.
>
> 1/ Make a new announcement page for 8.1 ? Effort: High, Impact: Awesome
> 2/ Update the 8.0 page? Effort: Moderate, Impact: Still relatively awesome
> 3/ Remove the link from the banner (but still keep the page for archival
> purposes). Effort: Low, Impact: Shrugs all around
> 4/ Remove the link AND the page. Effort: Low, Impact: But... why?
>
> Personally, I've not got the cycles for 1 or 2, so I vote 3.  Anyone care
> to do more?  Bear in mind translations will be wanted.  If nobody steps up,
> then I'll plan on implementing #3 next Wednesday.
>

There's a draft page for the 8.1 announcement here:
https://github.com/php/web-php/pull/450

So if we want to do an announcement page for 8.1, there's probably not that
much work left in finishing that draft.

Regards,
Nikita

[PHP-DEV] PHP 7.4.26 Released!

[Derick Rethans]

The PHP development team announces the immediate availability of PHP
7.4.26. This is a security and bug fix release.

All PHP 7.4 users are encouraged to upgrade to this version.

For source downloads of PHP 7.4.26 please visit our downloads page.
Windows binaries can be found on the PHP for Windows site. The list of
changes is recorded in the ChangeLog.

A migration guide is available in the PHP Manual. Please consult it for the
detailed list of new features and backward incompatible changes.

Release Announcement: 
Downloads:
Windows downloads:
Changelog:
Migration guide:  

Many thanks to all the contributors and supporters!

Derick Rethans

P.S. Below is the verification information for the downloads, which is
also available on
.


php-7.4.26.tar.gz
SHA256 hash: 890a7e730f96708a68a77b19fd57fec33cc81573f7249111c870edac42b91a72
PGP signature:
-BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmGTz9gACgkQkQ3rRvU+
oxLblg/+PYpyy8M+n3mVESutLuNG5+sCckjSRTU8m4GbEK8HUVB8f/bZ0rxrPcxO
wE6gdM4LRinDOKh/Mz3idEihGtHHBQ2Cg7IF4MFgoFhdecL4baNQ3w3TLzOt86kD
FjlAgrMApYLU4dsTfdMy+lS3jwua0xVVlRr3+LYpUxfJaXDduXMWG6vGvf5dWP6a
VBwEGVmAmBxQXdi3Lvz2rBl5TFtD+OlFxX3Gw7UMkpUKn+VpXza5141YiE//vVyw
rOS5Dc8kQCn2dg4qNzEpNGicCrjVZZ+rENr/IABoYLcA2BscHB0EK1aRe1tfvwy3
tfpVj+J0hFqKaqoDcUfaZeFZILDzlppOc+rCBA/iF4k/7B7qCcjDqS73zPZ7hGJn
HM5/8WcuWfF5keZmoZ0/jqkHij1hj5YcI0Prb51Iknr5MbXidk0vJOCyP9BEagKh
stR7/PRHFN7XyJi7gkk2UGilNkquuFSLuztwbhMJTKUcvtqxyeff9pXLTAo51xRa
Fetm1t+zyZ7JQ82sYZs+FD6aQWcfTERbay6RiNwOgaNzkyVy6Qzx5NLQ7eBHG8DJ
GGRhx0AeqF+UFUtmakmcuhFXiskWMHG1EkmJbdwqWw+RuP1NyIKxbVAcgxyrEJ3y
K+vYsJmm0bHREoNOm7coMcR21TJC3aygDuYRhLzNUhla1Y482Eo=
=d1un
-END PGP SIGNATURE-

php-7.4.26.tar.bz2
SHA256 hash: d68b88a8f8a437648affcc7793e5e062fa0ec5171f7fd0af385b12c78b1c004d
PGP signature:
-BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmGTz9wACgkQkQ3rRvU+
oxJfqg//e/W2CelvEWCDH5ZLOHn1pq4/Er66P+XvslCs5HBXNeM66lkrIZIuuRRo
1WYibeNvi17BHicjEgZqZyGHJsWYuI+fWD01d7gr5Pk+SQNjmZ5SOmozkPIcEGlc
EH8fyOYgNEuIj1Hz45H7e3RaEChiQKCRc/Nd4//DJwHT/bF45Y8C2p/hLZCMMn+5
dskFVa30Q7fXhUubggrE5S1GArCZ6alsZCwG7kwwh+/6o+Mm0yzogLeaZuJcFYJw
vSWtk9pTvKDQ9MCGfZbjHq2eVdo25FKSMQkizKb9mF3jp4QRUTzb1saNlnOevHFi
czj9bC1ftZ30tu9C8c4ngV5QPOAOBPCYZW94Iydl6U88eIi/aYS6/cULSqNBtvw3
SRx29VPLBSNHQ80CdJ87UBNDNGgEFq3O/Dj4Wi9LeClBEmPtk+15oAtenusBI9P0
WxEQVgRu7hRHIv54jpFtz8Ow7Ma+ETSnqluifu+VP6Y8y4YhVexSqdx1dKQAQJBQ
0CCZZjvnfsPZ/sCaS78PFzw0g4a/GV68qPITIrOyvJ9UQHTkGgX255LM/Pwd1vDD
I8290d6gKxGM1dv+Ke6Hzbb79XDDQ8pDZHY7kr53MekFrSgvO3yLlZTH3c/480zK
Hvnf+IReBJ/Sl21dyi+S1mIW2VhDkyu1/pkGPZly73+VPZ2cQQE=
=tAsh
-END PGP SIGNATURE-

php-7.4.26.tar.xz
SHA256 hash: e305b3aafdc85fa73a81c53d3ce30578bc94d1633ec376add193a1e85e0f0ef8
PGP signature:
-BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmGTz90ACgkQkQ3rRvU+
oxJvbQ/8DnSl9mIbNkohoYphkBaURdvp4bOnjBOC0hDN/WDb2sKvIGPSZ9hnQLmM
WeFIfhPPpbaezFfAXR+9dfu7SdStjVoxMiBCraVwSJqOeC8/Jcj39GPoOd6vKQMJ
Ax8pP2UVSN1ka9zIxSy6DY5VvkYQGoduCMlQq7ZSvK2cjsIJT3cGL7lOIKQL36sk
A0fU8Z0Oo+JSeXMtgEJwtqQMfEZBfx2zTeG7USaXTT+3DwTNT2RlH2IvRME/8AsI
UkCgm+J22tyW3UXQYZmhdzkxWHy8LwD/saBrOLe7xE9W2fftnUB8hhIi0S9f+NtV
VlGMjcm6wtXyKvfo80ZE7jBDDGQ0KtNy0gHYW4OGkJJthHy1fo1eAF+ZHIy3h+Sf
iWyoKvXAvVPktnU+Oeulox+dqp0UPYeFo2GFpAD1U3pO3HZj3bXz8nPl46pIrmfq
KseXLzujnGpsNhl3WcqzahbHuTjJP0XpDlnPntOv8daMW2+NLqZ2JuLvA6yOHO1g
7sHmtpDdacXophlWAq9lOG+bZmACqo6x9QkuWB1bp+TLHqMj8RJpWDXrQ0kqt9Yw
TrDER7jzoCo4nidV811RnvROKu8Bh+LRCLjve7ND02Qp1tMA9jpBdzZu/vnJHFBH
abzA2XQV5jm3+zBOY5V4fm5OkhlcLaFgliOy2EJKXCwHIYaEd7g=
=XWFn
-END PGP SIGNATURE-


-- 
PHP 7.4 Release Manager
Host of PHP Internals News: https://phpinternals.news
Like Xdebug? Consider supporting me: https://xdebug.org/support
https://derickrethans.nl | https://xdebug.org | https://dram.io
twitter: @derickr and @xdebug

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php