2023年5月30日(火) 4:49 Tim Düsterhus <t...@bastelstu.be>: > Hi > > On 5/29/23 08:44, Go Kudo wrote: > > I realized I was about to add the deprecation of `lcg_value()` and forgot > > to do so, so I added it. > > > > https://wiki.php.net/rfc/deprecations_php_8_3#global_combined_lcg > > > > As usual, my English is of low quality, so I would appreciate it if you > > could point out any problems. > > I think it's too early for that. Because: > > 1. The replacement is only available as of PHP 8.3. Thus there won't be > a single version where "replacement is available" and "the function does > not emit deprecation notices" is both true. It should be deprecated with > PHP 8.4 at the earliest to give folks at least (!) one version to > cleanly migrate existing code without suppressing any errors / notices / > deprecations. > > 2. It's not seedable, thus the implementation can be switched to use a > different engine without affecting existing code. > > 3. It's not as commonly misused as mt_rand() is. Primarily because the > possible use-cases are much more rare. > > Best regards > Tim Düsterhus > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > Hi
> It should be deprecated with PHP 8.4 at the earliest to give folks at least Indeed, I agree that `lcg_value()` should be deprecated at least in PHP 8.4. However, `lcg_value()` remains a dangerous function. It still has a weak initial seeding problem (PID, time), not to mention global state. This is extremely dangerous for workloads on containers where PIDs tend to be fixed. Perhaps this should be documented at the time of PHP 8.3 release. Because of the above, I have removed my `lcg_value()` deprecation entry from the RFC. Thanks! Best Regards, Go Kudo
