Tom Worster <f...@thefsb.org> wrote on 8 February 2015 15:38:15 GMT+00:00:
>mcrypt was abandoned by its developers in 2007. The package in Debian is
>from 2009. It has been removed from RHEL.
>
>This is already unacceptable. But it would be an insult to the idea of
>"security" to include mcrypt in PHP 7.
>
>The vote to remove mcrypt is at present tied roughly 13:13. If you have a
>vote and haven't used it yet, I urge you to consider doing so. Voting ends
>tomorrow 2015-02-09 at 23:00 CET
>
>https://wiki.php.net/rfc/removal_of_dead_sapis_and_exts#extmcrypt

Btw, I only voted no because I don't think we should just remove it. A
reimplementation of its APIs on top of e.g. OpenSSL makes sense. And that I'd
vote yes for.

Calling for a random deletion is misguided. 

Remember that just removing quite often used APIs doesn't help anybody. It is
not unlikely that devs would rather rip out the encryption as a quick fix than
port it to quite awful other APIs, or perhaps even a really slow PHP-based
implementation.

cheers, 
Derick - mcrypt extension author 

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
