2022年6月16日(木) 2:23 Tim Düsterhus :
> Hi
>
> On 6/14/22 02:01, Go Kudo wrote:
> > Voting began on 2022-06-14 00:00:00 (UTC) and will end on 2022-06-28
> > 00:00:00 (UTC).
> >
> > https://wiki.php.net/rfc/rng_extension
> >
> > The implementation is not yet complete and has some issues.
> > See TODO in Pull Request for details.
> >
> > https://github.com/php/php-src/pull/8094
> >
>
> Unfortunately the vote has already started and I'm not sure if that's a
> change that might change the outcome of the vote, but while looking
> through the implementation once more I noticed that the engine
> implementations are not 'final' (and extending those engines is actually
> tested with the existing tests).
>
> However I believe they should be final:
>
> a) I generally believe that it's a best practice to make everything
> 'final' by default.
>
> b) It's easily possible to use composition with engines, as the
> interface only has a single method.
>
> c) Especially for 'Random\Engine\Secure' I believe that allowing
> subclassing is actively harmful, as basically any adjustment of the
> engine's behavior violates the contract that the engine returns
> cryptographically secure randomness. But also for other engines changing
> the behavior also changes the implied behavior given by the engine's name.
>
> What do you think?
>
> Best regards
> Tim Düsterhus
>
Hi Tim
> However I believe they should be final
That is correct, indeed. The interface is already provided and creating a
composition is easy.
However, the voting has already started. It would be impossible to edit the
RFC now.
Fortunately, the Feature Freeze for PHP 8.2 is 7/19. Even after the current
Random Extension 5.x RFC voting is over, there is still time to create and
vote on RFCs to make changes.
I will create an additional RFC like PHP 8.0 Attribute.
Regards
Go Kudo
