2022年6月16日(木) 2:23 Tim Düsterhus <t...@bastelstu.be>: > Hi > > On 6/14/22 02:01, Go Kudo wrote: > > Voting began on 2022-06-14 00:00:00 (UTC) and will end on 2022-06-28 > > 00:00:00 (UTC). > > > > https://wiki.php.net/rfc/rng_extension > > > > The implementation is not yet complete and has some issues. > > See TODO in Pull Request for details. > > > > https://github.com/php/php-src/pull/8094 > > > > Unfortunately the vote has already started and I'm not sure if that's a > change that might change the outcome of the vote, but while looking > through the implementation once more I noticed that the engine > implementations are not 'final' (and extending those engines is actually > tested with the existing tests). > > However I believe they should be final: > > a) I generally believe that it's a best practice to make everything > 'final' by default. > > b) It's easily possible to use composition with engines, as the > interface only has a single method. > > c) Especially for 'Random\Engine\Secure' I believe that allowing > subclassing is actively harmful, as basically any adjustment of the > engine's behavior violates the contract that the engine returns > cryptographically secure randomness. But also for other engines changing > the behavior also changes the implied behavior given by the engine's name. > > What do you think? > > Best regards > Tim Düsterhus >
Hi Tim > However I believe they should be final That is correct, indeed. The interface is already provided and creating a composition is easy. However, the voting has already started. It would be impossible to edit the RFC now. Fortunately, the Feature Freeze for PHP 8.2 is 7/19. Even after the current Random Extension 5.x RFC voting is over, there is still time to create and vote on RFCs to make changes. I will create an additional RFC like PHP 8.0 Attribute. Regards Go Kudo
