Hi,
The voted-upon-RFC still has
> session.use_strict_mode (0 to 1) - Changed as insurance of broken PRNG
> implementation.
Although you said:
It was moved to other RFC.
https://wiki.php.net/rfc/session-use-strict-mode
And neither did you restart voting after modifying the RFC - or writing
down in the RFC's changes that it got changed.
So what's the deal?
cheers,
Derick
On Tue, 12 Jul 2016, Yasuo Ohgaki wrote:
> Hi all,
>
> On Sat, Jul 2, 2016 at 4:35 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> > Currently session module uses obsolete MD5 for session ID. With
> > CSPRNG, hashing is redundant and needless. It adds hash module
> > dependency and inefficient (There is no reason to use hash for CSPRNG
> > generated bytes).
> >
> > This proposal cleans up session code by removing hash.
> >
> > https://wiki.php.net/rfc/session-id-without-hashing
> >
> > I set vote requires 2/3 support.
> > Please describe the reason why when you against this RFC. Reasons are
> > important for improvements!
> >
> > Thank you!
>
> Thank you for voting and the RFC has passed 13 vs 5.
> I'll prepare documents and merge the change in a few days.
>
> Regards,
>
> --
> Yasuo Ohgaki
> yohg...@ohgaki.net
>
>
--
https://derickrethans.nl | https://xdebug.org | https://dram.io
Like Xdebug? Consider a donation: https://xdebug.org/donate.php
twitter: @derickr and @xdebug
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
