Hi Niklas, On Tue, Oct 18, 2016 at 9:08 PM, Niklas Keller <m...@kelunik.com> wrote: >> >> As you can see from last minutes discussion. >> >> "/dev/urandom cannot be read" is FUD. >> It's pure bug fix. (I intentionally made patch easy to extend used >> chars, though) >> >> Would you consider revert the revert? > > > This discussion shows there should be a RFC and a vote. I'd not consider > this a simple bug fix, after all it doesn't really fix it. > > If we want to fix it in core, we'd better include an UUID generation > mechanism than fixing uniq_id.
UUID like uniqueness is not the subject of uniqid(), isn't it? As I wrote, it's simple bug fix. --------------- The patch committed is pure bug fix. uniqid() is simply _broken_ because it does not provide expected uniqueness due to timestamp based php_combined_lcg(). (I added large warning to the manual recently, though) unique id (time stamp) + entropy (timestamp based entropy) Who argue result is reasonably unique? Who don't use NTP to adjust system time? --------------- Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
