Hi
On 2/21/22 12:12, Marco Pivetta wrote:
If it's not going to be removed, what's the point of annoying people
with deprecation warnings (that they would patch out/silence anyway)?
Probably to be removed in `9.0` or `10.0`? Yes, it should be removed at
some point.
In contrast to other deprecations (e.g. the utf8_encode/decode currently
discussed), deprecating and ultimately removing crypt() results in an
actual loss of functionality.
...yes? That's the point?
I understand that that's the point. However I agree with Stas that this
would be a BC break with no practical gain and I articulated the reasons
why I believe that: If crypt() is what you need, then crypt() is what
you need and being told that your use-case is invalid is not helping
you. The function already exists and I assume that it does not require
(relevant) maintenance effort for PHP maintainers keeping it.
With the same arguments one could deprecate and remove md5() (and
possibly sha1() as well). It should not be used for passwords, it should
not be used for signatures and any new use should require *careful*
review. Nonetheless there are cases where you still need an
implementation of md5() and then not having md5() is an issue.
If someone proposed the removal of md5() I'd disagree the same.
Best regards
Tim Düsterhus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
