On Fri, 26 Jul 2024, at 15:20, Larry Garfield wrote: > One thing to remind people about, the deprecations for md5(), sha1(), > and uniqid() explicitly say they cannot be outright removed before PHP > 10. That's at least 6 years away. That gives a loooooong time for > documentation, tutorials, instructions, and code to be updated.
It also gives a loooooong time for us to update that documentation *before* we start raising deprecation notices, so that there's a chance for someone to actually know what they're supposed to do about it. When I formally proposed deprecation of utf8_encode and utf8_decode, I didn't even post the RFC for discussion before I had written two documentation PRs, one to improve documentation even if the RFC failed; and another proposing the wording if it passed. In contrast, I voted against the deprecation of strftime() because no effort had been made to explain how users should replace it. Surprise surprise, nobody has spent any more effort in the 3.5 years since the deprecation passed, and the only advice in the documentation remains: > Instead use the IntlDateFormatter::format() method. On Fri, 26 Jul 2024, at 15:27, Christoph M. Becker wrote: > Well, you are supposed to also check the hash_hmac() documentation... Why would I, if I'm not using that function? For that matter, when should I be using that function? I'm not even being facetious here, I am genuinely lacking in relevant expertise, and the summary for hash_hmac() is meaningless unless you already know what it does: > Generate a keyed hash value using the HMAC method If the problem is that the web is full of bad documentation, find or write some GOOD documentation. Then, work out how best to signpost users to that documentation. Deprecating md5() and sha1() does neither. Regards, -- Rowan Tommins [IMSoP]
