Pierre, On Tue, Sep 11, 2012 at 2:14 AM, Pierre Joye <pierre....@gmail.com> wrote:
> hi Stas, > > On Tue, Sep 11, 2012 at 12:23 AM, Stas Malyshev <smalys...@sugarcrm.com> > wrote: > > OTOH, PECL module that can be built in 5.3/5.4 too might be nice. Not > > everybody is going to upgrade to 5.5 soon, so having them participate > > would be good too. Maybe we could do it as a module and have it workable > > as PECL too for those who are not on 5.5? PHP solution is not really the > > same - if we have two separate codebases, nobody can be sure they > > actually do the same thing. > > Yes, that's actually what I wanted to ask as well for this ext. But > I'm not sure it is easy as it relies on PHP APIs which were no exposed > in 5.3 nor 5.4. Maybe we could expose them in the next releases (to > check which). > That is correct. It involved refactoring crypt() internally to expose an internal API for php_crypt: https://github.com/ircmaxell/php-src/blob/hash_password/ext/standard/crypt.c#L148 It's not the end of the world, because we can copy/paste that function into the PECL extension, and just conditionally include it. There would be duplication between the two, but it wouldn't be too bad... However maintaining both core and pecl can be sometimes time consuming > (hours matter, not days :), but it is definitively a great way to > provide updates more frequently or to provide more tests releases > (beta). > > Anthony, is it something you would consider? It could also help to > speed up the adoption. > Consider? Sure. But I'm not sure it's worth while. Stas brought up the adoption point, which I think is the kicker. The target audience for this API is not the type that usually has access to install PECL extensions. So while some may use it as an extension, the majority who would significantly benefit from it wouldn't be able to. So the benefit to releasing it as a PECL extension would basically defeat the point... And to Stas's point about the PHP solution not being the same, I fail to understand why. It's built using identical algorithms (translated from C to PHP as best as possible). It's tested using the same tests with the only difference surrounding error messages. Plus it's portable (can be used on shared hosts). The only real difference is testing the PHP version doesn't say anything to the *security* of the C version. But it does test the API and the concept... Anthony
