Hi Dan, I understood about RFC process.
On Wed, Aug 17, 2016 at 12:23 PM, Dan Ackroyd <dan...@basereality.com> wrote: > Additionally, you seem to completely have ignored this: > > Dan Ackroyd wrote: >> And I strongly object to the idea of stopping and starting voting on RFCS. >> Please leave the vote open and if it fails take some time to think about the >> feedback. > > It would benefit everyone if you stopped responding immediately and > instead took time to actually think about what people have been > saying. This RFC isn't going to be in PHP 7.1, so it is fine to wait 3 > months to present a new version of the RFC. It seems I've marked "already read" by mistake. Thank you for reminding. I got that you prefer userland implementation. I'm planning to propose "Filter module deprecation" when this RFC is declined, because current validation filter is not good enough to do the job and makes situation worse than better... If deprecation RFC is declined also, then I might try to improve this RFC again. BTW, I cannot guess the reason behind "no" votes. I can guess reasons for people participating discussions, though. Even when RFC author could guess the reason, it would be nicer for voters and author if one explains the reason why vote "no" in vote thread. Explicit description is better than guess, IMHO. Besides, unlike you, there are many people do not left any clue. For example, I completely fail to understand the reason why "Enable session.use_strict_mode by default" and "Precise Session Management" RFC is declined. These are _mandatory_ for session security and not a matter of preference, but do it and/or how to do it. If one fails to see why it is mandatory, should ask why. If one think "it must be more efficient", then should insist patch improvement. If one think proposal is wrong, then should point out what's wrong. IMO. If opinion is the same, should mention "Same here"/"Agree" at least. It's okay to say "let's ignore such security issues" or "let it users responsibility to secure session", but his/her opinion should be expressed. It's not a political vote, but technical vote after all. I guess most people voted "no" for "Enable session.use_strict_mode by default" and "Precise Session Management" is based on wrong assumption. For this vote, I'm guessing preferences are strongly affected, filter module nature and patch quality. The code is messy because I didn't refactor code to minimize changes. It's still a guess, though. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
