Tom Worster wrote on 13/10/2015 01:29:
Could we regard random_bytes() as a security patch rather than a new feature and therefore port it to PHP 5?
Whether or not it's good for security, it's still a feature - you still have to code your application to depend on this feature being present, or provide some kind of polyfill.
Adding functions in patch versions is very messy, IMHO, because in practice people will be using packaged binaries. Distros like Debian/Ubuntu actually roll their own patch releases rather than using the official release versions; other distros might simply lag behind; applications need to support multiple environments which aren't equally up to date, etc.
There may need to be a concerted campaign of "don't be scared to upgrade to PHP 7", but ultimately having people want the features in it is a Good Thing, and the more you backport, the more you fragment the ecosystem.
Regards, -- Rowan Collins [IMSoP] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
