On 10 February 2015 at 21:38, David Muir <davidkm...@gmail.com> wrote: > Does this mean PHP will be taking on the role of maintaining libmcrypt as > well?
That's not what it means, no. > If a security issue is found, what is the course of action? Well, what happened when there was vulnerabilities in OpenSSL? I've been thinking quite hard about what we should do with regard to mcrypt. We definitely need a plan to sunset it, but we can't really do that without a readily available replacement. It's understandable if people do not want to use OpenSSL as an alternative. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
