On Thu, Dec 11, 2014 at 5:31 AM, Andrea Faulds <a...@ajf.me> wrote: > Hi! > >> On 10 Dec 2014, at 06:33, Remi Collet <r...@fedoraproject.org> wrote: >> >> Having a dead upstream for crypto API is a critical issue :( >> >> FYI some downstream (ex RHEL) don't even provide this library. >> Already too much crypto libraries, and it will be a mess to provide a >> dead project in an Enterprise distribution. >> >> So php/mcrypt also not available. >> >> But most applications. which use it, usually have alternative, and >> make it optional (ex phpMyAdmin 4.3 now even use openssl as first choice). >> >> We probably have enough crypto API in PHP, and we probably should mark >> this one as deprecated / unmaintained in 5.x, and move it to PECL (7.x). > > It’s my understanding that ext/mcrypt is quite widely used. Would it not be > possible to update the lib to use OpenSSL or something on the backend, so > existing applications would not need changing?
I suppose you mean to replace the functions implementation to use openssl + some custom codes? As maintaining our own library is not going to be a good idea :) -- Pierre @pierrejoye | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
