Tbh, this affects a new minor and a new major, and only in an unhappy path scenario, where the current PHP API is bad.
PHP 9 will introduce a hard crash: good. It's a BC break: yes, native de-serialization is one of the most unsafe parts of the language, and it requires hardening. The fact that Symfony declared that it already supports PHP 8.3 and PHP 9.0 is your problem, and mostly your misunderstanding of SemVer On Sat, 15 Oct 2022, 11:06 Nicolas Grekas, <nicolas.grekas+...@gmail.com> wrote: > > > Not sure why I didn't think about it before but I just ran the test > suite > > > of Symfony after applying the patch proposed in the RFC to change the > way > > > exceptions are handled by unserialize. > > > > > > This change breaks the test suite of 5 separate components. I created > > this > > > gist to list all the failures: > > > > https://gist.github.com/nicolas-grekas/3da652a51669baa40c99bd20e4a1b4dd > > > > > > Maybe I wasn't convincing enough during the discussion period, but that > > > doesn't change the fact that the proposed behavior in the RFC is a very > > > clear BC break that will affect userland significantly. > > > > > > I'm therefore voting NO on the proposal. > > > > > > > I'm not surprised by the “no” on the first vote based on the previous > > discussion. I am surprised however that you also disagree with raising > > the E_NOTICE to E_WARNING for consistency. > > > > I don't plan on repeating all the previous discussion points with you, > > but as you mention the Symfony tests specifically: Please find the patch > > attached. Do you believe the expectations in this new test would a > > reasonable expectation by a Symfony user? > > > > Since the beginning my point is not that the RFC doesn't have merits. It's > that the proposed approach breaks BC in a way that will affect the > community significantly. We have policies that say we should avoid BC > breaks and they should apply here. > > To anyone wondering about the reality of the BC break if you're not > convinced there is one because the original code is broken anyway (which is > your main argument Tim IIUC): please have a look at the failures I reported > above and wonder about the changes the RFC would impose. I cannot think > about one that would not imply some sort of "if the version of PHP is >= > 8.3 then A, else B". This is the fact that highlights the BC break. > > Nicolas >
