On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > All my problems? How do I get non-root users to install it? >
How is it possible for them to use it now? You mentioned breaking changes for existing library users. ;) :P PHP is not meant to support you extending your user base, no offense! Our goal is to design an effective and easy to use dynamic high level language for web development. On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > That's the pluggable crypto API RFC, which I probably won't be able to > propose until 7.2. Feel free to pick it up if you'd rather advocate > for that. > I already offered you my full support but I doubt that I can do this on my own. I like crypto and I know a few things but this is a really hard topic. Additionally I already said that moving sodium from PECL to core just to have it there is super bad for many reasons. Let's concentrate on the nice API, even if that means that it will not land in core before 7.2. You are effectively introducing more PHP sadness with the proposed API. PHP sadness reminds me, all the OpenSSL and mcrypt crap should be deprecated and removed too once we have better replacements. That should directly be part of the RFC or people will forget and it stays forever. On 6/5/2016 10:35 AM, Scott Arciszewski wrote: > Put yourself in the shoes of, say, a Python developer who uses > libsodium all the time who comes to PHP. If they don't find crypto_box > and crypto_secretbox, they're going to get confused. > It is not readily available in most other language, there are mostly libraries for it. Hence, the Python users are facing this problem every day. https://download.libsodium.org/doc/bindings_for_other_languages/ Everyone who knows crypto know asymmetric and symmetric and they can find them on Wikipedia, whereas a search for "secret box wikipedia" leads us to: https://en.wikipedia.org/wiki/Puzzle_box :P PHP is a higher programming language, we want to make it easy for the beginner and average user. Professionals find their own ways and eventually end up here if they are really unsatisfied. ;) -- Richard "Fleshgrinder" Fussenegger
signature.asc
Description: OpenPGP digital signature
