On Tue, Oct 18, 2016 at 8:00 PM, Lester Caine <les...@lsces.co.uk> wrote: > On 18/10/16 11:02, Niklas Keller wrote: >>> 'Suppliers' should perhaps be helped to configure their systems so the >>> > users can use things, but things like /dev/urandom may need some >>> > additional notes to help identify problems when frameworks like owncloud >>> > start throwing errors. As Niklas says it's shared environments where >>> > this one may bite. >>> > >> Just to be clear: I don't argue that those systems are broken, I just say >> that there is a BC break for those systems and that this has to be >> documented. > > Yes ... and the RFC process is at least part of the documentation.
The patch committed is pure bug fix. uniqid() is simply _broken_ because it does not provide expected uniqueness due to timestamp based php_combined_lcg(). (I added large warning to the manual recently, though) unique id (time stamp) + entropy (timestamp based entropy) Who argue result is reasonably unique? Who don't use NTP to adjust system time? Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
