On 15 March 2016 at 17:40, Will Fitch <willfi...@php.net> wrote:
> > > On Tue, Mar 15, 2016, at 12:18 PM, Ferenc Kovacs wrote: > > On Tue, Mar 15, 2016 at 6:13 PM, Scott Arciszewski <sc...@paragonie.com> > > wrote: > > > > > On Tue, Mar 15, 2016 at 1:09 PM, Ferenc Kovacs <tyr...@gmail.com> > wrote: > > > > > >> > > >> > > >> On Tue, Mar 15, 2016 at 5:11 PM, Scott Arciszewski < > sc...@paragonie.com> > > >> wrote: > > >> > > >>> Hi PHP team, > > >>> > > >>> I've opened the vote on > https://wiki.php.net/rfc/mcrypt-viking-funeral > > >>> which aims to deprecate ext/mcrypt in PHP 7.1 then remove it in 7.1+1 > > >>> (i.e. > > >>> make it only installable via PECL). > > >>> > > >>> In the interim, I'll be developing a (MIT licensed) decryption-only > > >>> userland implementation of the mcrypt ciphers so people can migrate > their > > >>> code towards something better. > > >>> > > >>> This vote is opened on March 15th, 2016 and will close March 22th at > > >>> 17:00 > > >>> UTC. > > >>> > > >>> (Sidenote: Apologies for the brief unannounced hiatus from > participating > > >>> here.) > > >>> > > >>> Scott Arciszewski > > >>> Chief Development Officer > > >>> Paragon Initiative Enterprises <https://paragonie.com> > > >>> > > In the RFC: > > "Removal from core: The following major/minor version (7.2.0 or 8.0.0)" > > and then > > "Vote “Yes” to raise an E_DEPRECATED notice in PHP 7.1 when any mcrypt > function is used and to remove the extension from core in 7.1+1." > > Which one is it? I feel removing at 7.2 would be too soon. I agree that > the abandonware is a nuisance, but many developers using ext/mcrypt have > no idea of this. Raising an E_DEPRECATED in the next 7.1.x, then > removing in 7.2 is just too soon. > > I disagree. It's not like we are obliterating the functionality from the face of the planet, any user requiring mcrypt in 7.2+ can fully aware of the consequences, install it from PECL. Also, bear in mind that some linux distros (RHEL) have already dropped mcrypt support.
