Re: [PHP-DEV] Disable PEAR by default

On 2/1/19 5:12 PM, Peter Kokot wrote: Hello, On Sat, 2 Feb 2019 at 02:08, Alice Wonder wrote: I do not like composer. A problem I have encountered, a project specifies a version for a dependency. That version has vulnerability, developer fixed it in newer release, but composer keeps pulling

Re: [PHP-DEV] Disable PEAR by default

On 2/1/19 5:08 PM, Alice Wonder wrote: On 2/1/19 3:06 PM, Peter Kokot wrote: Hello, On Fri, 1 Feb 2019 at 12:44, Joe Watkins wrote: +1 On Fri, 1 Feb 2019 at 12:35, Sebastian Bergmann wrote: Am 01.02.2019 um 12:27 schrieb Nikita Popov: I would like to suggest that installation of PEAR

Re: [PHP-DEV] Disable PEAR by default

On 2/1/19 3:06 PM, Peter Kokot wrote: Hello, On Fri, 1 Feb 2019 at 12:44, Joe Watkins wrote: +1 On Fri, 1 Feb 2019 at 12:35, Sebastian Bergmann wrote: Am 01.02.2019 um 12:27 schrieb Nikita Popov: I would like to suggest that installation of PEAR is disabled by default in PHP 7.4. PR:

Re: [PHP-DEV] 7.3.1 corruption issue

On 1/27/19 4:57 PM, Alice Wonder wrote: I can't file a bug report because I do not know what went run. I only know system php 7.3.1 Site suddenly stopped working. Apache error log says: Mon Jan 28 00:45:17.896727 2019] [php7:error] [pid 4117:tid 140287279617792] [client 73.15.182.232:53028

[PHP-DEV] 7.3.1 corruption issue

I can't file a bug report because I do not know what went run. I only know system php 7.3.1 Site suddenly stopped working. Apache error log says: Mon Jan 28 00:45:17.896727 2019] [php7:error] [pid 4117:tid 140287279617792] [client 73.15.182.232:53028] PHP Fatal error: require_once(): Failed

Re: [PHP-DEV] Re: patch for imap bug 77153

On 11/20/2018 11:38 PM, Kalle Sommer Nielsen wrote: Den ons. 21. nov. 2018 kl. 06.13 skrev Pierre Joye : Btw, is imap on the list to deprecate in 7.x + kill in 8.x? It is really not maintained well, both c-client and the ext. Would it be possible to consider it? I remember we have spoken

Re: [PHP-DEV] re2c version(s)

On 07/17/2018 06:53 PM, Sara Golemon wrote: I think devs should be able to use flexible versions of re2c (and other tools, e.g. bison), BUT that we should declare formally what versions of these build tools will be used on what branches so that those working on features can predictably know

Re: [PHP-DEV] re2c version(s)

On 07/13/2018 01:27 PM, Sara Golemon wrote: On Fri, Jul 13, 2018 at 3:08 PM, Anatol Belski wrote: *snip* Well, whichever version we've settled on, I've updated sgolemon/php-release to allow using arbitrary versions of re2c.

Re: [PHP-DEV] Unifying logical operators

On 07/10/2018 07:20 PM, Ryan wrote: On Tue, Jul 10, 2018 at 2:26 AM, Walter Parker wrote: That is a matter of style, as I find $a = func() or die more clear that the version that uses || Not chaining stuff together is a third style. This feels like a Python PEP request. By that I mean that

Re: [PHP-DEV] PHP 2^3

On 06/25/2018 07:13 AM, Johannes Schlüter wrote: On Mo, 2018-06-25 at 12:30 +, Zeev Suraski wrote: 3. Foreign Function Interface support. Related to this on a non-PHP-code and strategic matter I would like to rethink PECL. Currently maintenance and installing extensions using it is a

Re: [PHP-DEV] PHP 8 next?

On 06/23/2018 03:11 PM, Zeev Suraski wrote: -Original Message- From: p...@golemon.com [mailto:p...@golemon.com] On Behalf Of Sara Golemon Sent: Sunday, June 24, 2018 1:07 AM To: Nikita Popov Cc: PHP internals Subject: Re: [PHP-DEV] PHP 8 next? On Sat, Jun 23, 2018 at 4:22 PM,

Re: [PHP-DEV] Re: PHP7.1.19RC1 ready for testing

On 06/21/2018 04:02 PM, Dmitri Dmitrienko wrote: PHP 7.1.19RC1 is ready for testing and can be downloaded from: https://downloads.php.net/~ab windows.php.net lists this version as a release https://windows.php.net/download#php-7.1 same goes to 7.2.7

Re: [PHP-DEV] [RFC][Under Discussion] Add functions array_key_first() and array_key_last()

On 06/15/2018 08:37 AM, niel wrote: On 13/06/18 20:26, Enno Woortmann wrote: Hello internals, I've changed the status of the currently introduced RFC to add the functions array_key_first() and array_key_last() to "Under Discussion". https://wiki.php.net/rfc/array_key_first_last Regards,

Re: [PHP-DEV] Strict switch statements

On 06/14/2018 08:57 AM, Thomas Bley wrote: Nikita Popov wrote on 14.06.2018 10:35: On Thu, Jun 14, 2018 at 6:53 AM, Sara Golemon wrote: Just for casual discussion at this point: https://github.com/php/php-src/pull/3297 switch ($a) { case FOO: // Works exactly as current behavior.

Re: [PHP-DEV] [VOTE] Argon2id in Password Hash

On 06/06/2018 03:54 PM, Charles R. Portwood II wrote: Hello Internals, The RFC for including Argon2id in password_* functions is now open for a vote. The RFC is available at https://wiki.php.net/rfc/argon2_password_hash_enhancements. Voting will be open until June 18th, 2018. Thank you. ---

Re: [PHP-DEV] [VOTE] Deprecate and Remove image2wbmp()

On 05/26/2018 07:04 AM, Christoph M. Becker wrote: Hi everybody! As sequel to the RFC dicussion[1], I have started the vote on the “Deprecate and Remove image2wbmp()” RFC: Voting will end on 2018-06-09 21:00 UTC (i.e. in two weeks). Thanks in advance for

Re: [PHP-DEV] [RFC] Deprecation of uniqid()

On 05/12/2018 03:46 PM, Yasuo Ohgaki wrote: On Fri, May 11, 2018 at 9:34 PM, Alice Wonder <al...@librelamp.com <mailto:al...@librelamp.com>> wrote: slightly better if block if($more_entropy) { sodium_increment($nonce); $x = hexdec(substr(bin2hex(

Re: [PHP-DEV] [RFC] Deprecation of uniqid()

On 05/11/2018 05:34 AM, Alice Wonder wrote: On 05/11/2018 05:10 AM, Alice Wonder wrote: On 05/11/2018 03:50 AM, Arvids Godjuks wrote: 2018-05-11 12:36 GMT+02:00 Alice Wonder <al...@librelamp.com>: On 05/11/2018 01:59 AM, Arvids Godjuks wrote: 2018-05-10 16:33 GMT+02:00 Niklas Kel

Re: [PHP-DEV] [RFC] Deprecation of uniqid()

On 05/11/2018 05:34 AM, Alice Wonder wrote: On 05/11/2018 05:10 AM, Alice Wonder wrote: On 05/11/2018 03:50 AM, Arvids Godjuks wrote: 2018-05-11 12:36 GMT+02:00 Alice Wonder <al...@librelamp.com>: On 05/11/2018 01:59 AM, Arvids Godjuks wrote: 2018-05-10 16:33 GMT+02:00 Niklas Kel

Re: [PHP-DEV] [RFC] Deprecation of uniqid()

On 05/11/2018 05:10 AM, Alice Wonder wrote: On 05/11/2018 03:50 AM, Arvids Godjuks wrote: 2018-05-11 12:36 GMT+02:00 Alice Wonder <al...@librelamp.com>: On 05/11/2018 01:59 AM, Arvids Godjuks wrote: 2018-05-10 16:33 GMT+02:00 Niklas Keller <m...@kelunik.com>: Hey, I he

Re: [PHP-DEV] [RFC] Deprecation of uniqid()

On 05/11/2018 03:50 AM, Arvids Godjuks wrote: 2018-05-11 12:36 GMT+02:00 Alice Wonder <al...@librelamp.com>: On 05/11/2018 01:59 AM, Arvids Godjuks wrote: 2018-05-10 16:33 GMT+02:00 Niklas Keller <m...@kelunik.com>: Hey, I hereby propose to deprecate uniqid(). There have b

Re: [PHP-DEV] [RFC] Deprecation of uniqid()

On 05/11/2018 01:59 AM, Arvids Godjuks wrote: 2018-05-10 16:33 GMT+02:00 Niklas Keller : Hey, I hereby propose to deprecate uniqid(). There have been attempts to fix it ( https://wiki.php.net/rfc/uniqid), but those were rejected during discussion, because there's no possible

Re: [PHP-DEV] openssl_pkey_derive

On 04/20/2018 12:55 PM, Jakub Zelenka wrote: Hi, There is a PR to add a new function called openssl_pkey_derive to openssl extension: https://github.com/php/php-src/pull/3197 The purpose is to derive public key algorithm shared secret. I think it's a reasonable addition and if there are no

[PHP-DEV] php and argon2

In this RFC https://wiki.php.net/rfc/argon2_password_hash It looks like Argon2i is now implemented in PHP with the password_* functions (though requires a compile flag ???) Since the sodium extensions used the Argon2id variant by default, would it be prudent to make sure the php password_*

Re: [PHP-DEV] what's the official position on apache threaded environments

On 03/21/2018 09:15 PM, Helmut K. C. Tessarek wrote: On 2018-03-21 21:59, j adams wrote: So what's the story with PHP and multithreaded environments these days? Unfortunately PHP was never and will most likely never be threadsafe as a module. (Yes, I know that there's the ZTS code, but hey,

Re: [PHP-DEV] Re: [RFC] Base Conversion Clowniness

On 03/12/2018 09:43 AM, Sara Golemon wrote: On Mon, Mar 12, 2018 at 11:32 AM, Christoph M. Becker wrote: I tend to prefer option C (throw a Warning, stop processing, and return the value up to that point). Option B (throw a Warning and return FALSE on unexpected characters)

Re: [PHP-DEV][RFC][DISCUSSION] Deprecate the backtick operator

On 02/12/2018 11:43 AM, Wes wrote: Again, the reason is: in case in future PHP wants to use backticks for unicode strings, like javascript. If the community think it's feasible, in PHP 9, 10, whatever, it must be deprecated asap. If you think PHP should use a different syntax for unicode strings

Re: [PHP-DEV] Constants and Access Modifiers

On 11/12/2017 01:38 AM, Tony Marston wrote: wrote in message news:549c4634-ac38-41d3-ab43-f816a9f2b...@fleshgrinder.com... On 11/12/2017 12:44 AM, Stanislav Malyshev wrote: Hi! Yes, Dart has a different understanding of const, which is exactly why I posted it for you guys. In the hope that

Re: [PHP-DEV] Re: RFC - Array Of for PHP 7

On 11/07/2017 03:43 AM, Tony Marston wrote: Irrelevant analogy. If you read https://en.wikipedia.org/wiki/Reduced_instruction_set_computer you will see the advantage of getting rid of complex and specialised instructions and concentrating on simple and general instructions. You will see

Re: [PHP-DEV] Re: RFC - Array Of for PHP 7

On 11/07/2017 02:21 AM, Tony Marston wrote: Some things are so obvious that they do not need scientific proof. Some things that appear obvious are incorrect, especially when bias enters. Scientific proof brings human bias out of the equation, or at least reduces it. For example, in a

Re: [PHP-DEV] TLS v1.2 -only- deployments

On 05/11/2017 07:05 AM, Alice Wonder wrote: On 05/11/2017 04:08 AM, Anatol Belski wrote: Hi Thomas, -Original Message- From: Thomas Hruska [mailto:thru...@cubiclesoft.com] Sent: Tuesday, May 9, 2017 5:33 PM To: PHP Development <internals@lists.php.net> Subject: [PHP-DEV] TL

Re: [PHP-DEV] TLS v1.2 -only- deployments

On 05/11/2017 04:08 AM, Anatol Belski wrote: Hi Thomas, -Original Message- From: Thomas Hruska [mailto:thru...@cubiclesoft.com] Sent: Tuesday, May 9, 2017 5:33 PM To: PHP Development Subject: [PHP-DEV] TLS v1.2 -only- deployments Over the past two weeks, I've

Re: [PHP-DEV] Re: PHP 7.0 and openssl 1.1

it. On 01/23/2017 02:05 AM, Rasmus Lerdorf wrote: On Mon, Jan 23, 2017 at 12:31 AM, Alice Wonder <al...@librelamp.com <mailto:al...@librelamp.com>> wrote: If someone on such a distro really can't use PHP 7.1.x, LibreSSL can be installed in parallel to OpenSSL (I do on CentOS) a

Re: [PHP-DEV] Re: PHP 7.0 and openssl 1.1

If someone on such a distro really can't use PHP 7.1.x, LibreSSL can be installed in parallel to OpenSSL (I do on CentOS) and I suspect php 7.0 will build against it (5.6.x does and 7.1.x does) Also, I suspect older OpenSSL shared libraries could probably be installed in parallel. So it can

Re: [PHP-DEV] http://php.net/usage.php

On 01/08/2017 03:51 PM, Stanislav Malyshev wrote: Hi! With all this wonderful new year's work going on, should we also update (or remove, if we don't want to update it anymore) http://php.net/usage.php ? With data from 2013 it looks kind of pathetic :) Oh wow yeah, that IMHO needs to go.

Re: [PHP-DEV] PHP 5.6 end of active support

On 12/14/2016 02:29 PM, Ferenc Kovacs wrote: On Wed, Dec 14, 2016 at 2:05 PM, Niklas Keller wrote: 2016-12-14 12:23 GMT+01:00 Christoph M. Becker : Hi! The end of active support for PHP 5.6 is documented to be on December, 31th[1]. Does that mean that

Re: [PHP-DEV] Re: Bumping minimal OpenSSL version to 1.0.1 in master for PHP 7.1

On 12/13/2016 02:31 AM, Niklas Keller wrote: OpenSSL support for 1.0.1 will end this year. Support for version 1.0.1 will cease on 2016-12-31. No further releases of 1.0.1 will be made after that date. Security fixes only will be applied to 1.0.1 until then. Version 1.0.0 is no longer

Re: [PHP-DEV] [RFC] Deprecations for PHP 7.2

On 11/20/2016 02:32 PM, Rowan Collins wrote: I'm not sure what you mean by "political". The big challenge which comes up again and again, is that take up of new versions of PHP is low. You can blame the users for that if you like, but the reality is there's no point rushing your shiny feature

Re: [PHP-DEV] Re: [RFC] Abolish 50%+1 Votes

On 11/18/2016 06:55 PM, Kalle Sommer Nielsen wrote: 2016-11-19 3:39 GMT+01:00 Alice Wonder <al...@librelamp.com>: Is it required to be a member of this list to vote? That too would be a good idea if it isn't required, hopefully translators are accurate enough to understand arguments he

Re: [PHP-DEV] Re: [RFC] Abolish 50%+1 Votes

On 11/18/2016 06:26 PM, Marcio Almada wrote: Hi Yasuo, In my opinion, this belongs to another RFC. Please, propose an optional way for voters to input a small paragraph disclosing a justification upon voting. We've seen many voices on this mailing list supporting this proposal, perhaps it's

Re: [PHP-DEV] Type locked variables

On 11/15/2016 03:44 PM, Michael Morris wrote: Perhaps it's time to revisit the idea of allowing variables to have their types locked down. The keywords needed are already reserved. So... string $a = "hello"; int $b = 5; Once declared this way the variable's type won't change unless it gets

Re: [PHP-DEV] function overloading

On 11/15/2016 08:13 AM, Dominic Grostate wrote: I think this may have been discussed before, but I was largely dismissed because no one though it would be possible to implement. However assuming it is possible, what is the general feeling towards function overloading, as seen in C# and Java?

Re: [PHP-DEV] DateTime microseconds discussion

On 11/08/2016 04:16 AM, Arjen Schol wrote: Hi Dan, I think you make some bad assumptions here. The examples provided by Sjon are scripts submitted to 3v4l.org They may have bad assumptions, but are real life examples of DateTime usage. And they will break. They are already broken. That's the

Re: [PHP-DEV] OpenSSL - New Defaults

On 11/07/2016 04:29 AM, Nikita Nefedov wrote: *snip* Hey, It might make even more sense to not provide a default here at all. As history shows that those methods that are considered secure today can become less-than-desirably secure in a couple of years. Which means the same cycle of

Re: [PHP-DEV] Allow Iterator to be used with current, next, reset, key functions

On 10/30/2016 10:19 AM, Rowan Collins wrote: - deprecate reset(), end(), each(), and key() - introduce array_first(), array_last(), array_first_key() and array_last_key() - document replacements for whatever other use cases we can find examples of As a user I certainly like those names

Re: [PHP-DEV] [VOTE] Deprecate png2wbmp() and jpeg2wbmp()

On 10/30/2016 02:30 PM, Christoph M. Becker wrote: Hi! As there has been no discussion in the RFC's discussion thread[1], I assume there is nothing to discuss, so I've just put the "Deprecate png2wbmp() and jpeg2wbmp()" RFC[2] to voting. The voting period ends on 2016-11-13, 22:00 UTC. Thanks

Re: [PHP-DEV] Allow Iterator to be used with current, next, reset, key functions

On 10/30/2016 05:31 AM, Rasmus Schultz wrote: On second thought, I agree with that - changing reset() and end() doesn't make sense, because people know them and expect them to work in a certain way. Likely a lot of people would actually continue to use them with intermediary variables the way

[PHP-DEV] 7.1.0RC5 patch

Hi, first post to list. LibreSSL user. PHP 7.1.0RC5 just needs one minor patch to work with LibreSSL, attached Justification - X509_get_signature_nid() was introduced in OpenSSL 1.0.2 but LibreSSL fork is prior to that. However (and I don't like this) LibreSSL uses a OPENSSL_VERSION_NUMBER