RFC updated to include: * A note about mt_rand()s poor performance * Separate votes for proposals so we can at least get the security fixes through * Updated vote from 50% to 2/3 as it does cause a BC issue.
I should also state that mt_rand is easily implementable in userland, so the correct/legacy algorithm can be provided that way if changing it in core does not pass (I have a library providing this) So there have been a couple of suggestions of providing legacy functionality via a PECL extension. If we were to make rand/mt_rand use function pointers to their implementation it would be very easy for an extension to override their behaviour. If people like this idea I'm more than happy to provide this ext as part of the RFC.
