On Mon, Sep 10, 2012 at 3:31 PM, Anthony Ferrara <ircmax...@gmail.com> wrote:
> Hannes,
>
> On Sun, Sep 9, 2012 at 12:23 PM, Hannes Magnusson
> <hannes.magnus...@gmail.com> wrote:
>>
>> On Tue, Sep 4, 2012 at 3:16 PM, Anthony Ferrara <ircmax...@gmail.com>
>> wrote:
>> > Hello all,
>> >
>> > I'm opening the vote for the simplified password hashing API indicated
>> > here:
>> >
>> > https://wiki.php.net/rfc/password_hash
>> >
>>
>>
>> I like the idea, but I don't understand why this isn't developed as an
>> extension first and then brought into core when it has proven to work
>> and actually simplify things for the user?
>
>
> First off, this has been discussed on the list for literally months.  Why
> wait until the day before voting can end before bringing this up?

So commenting is strictly forbidden during votes?


> Secondly, the main reason for not developing this as an extension is that
> there's really no benefit to it. There are little to no performance gains to
> be had by the C implementation. It can live quite as easily as a PHP
> library.

The benefit is that it can be tested properly and bugs discovered and
ironed out first.
This is not the sort of thing you want to get security bug reports the
day after it's released in core.
If your ego is big enough you can guarantee you have tested this
thoroughly and want it to become the recommended way. You have to be
damn sure you don't fuck it up.

This is exactly the sort of thing that doesn't need to be developed in
the core tree, but can later be merged in once proven successful.


Like I said, I really like the idea, just don't see why it isn't
tested out as a PECL extension first.


>> Especially considering the patch is unfinished.
>
>
> Aside from adding a few more tests, what's unfinished? If you're referring
> to the line in the RFC, I just haven't updated it. The patch has been worked
> on and is in a place where I'd be comfortable submitting it...

The test suite seems very limited, and the code seems to be waiting
for more algorithms to be implemented.

-Hannes

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
