On 2/8/15, 6:23 PM, "Stanislav Malyshev" wrote:
>The better alternative you proposing is having no mcrypt extension at
>all in core. Which means the users have three choices:
>
>1. Rewrite all their code to a different API (with accompanying costs in
>development, QA, stability, maintenance of co
Hi!
> On 2/8/15, 11:38 AM, "Derick Rethans" wrote:
>>
>> Btw, I only voted no because I don't think we should just remove it. A
>> reimplementation of its APIs on top of eg. Open SSL makes sense. And that
>> I'd vote yes for.
>
> This idea makes me nervous. It doesn't sound at all easy and will
Hi Derick,
On 2/8/15, 11:38 AM, "Derick Rethans" wrote:
>
>Btw, I only voted no because I don't think we should just remove it. A
>reimplementation of its APIs on top of eg. Open SSL makes sense. And that
>I'd vote yes for.
This idea makes me nervous. It doesn't sound at all easy and will take
Tom Worster schreef op 8 februari 2015 15:38:15 GMT+00:00:
>mycrypt was abandoned by its developers in 2007. The package in Debian
>is
>from 2009. It has been removed from RHEL.
>
>This is already unacceptable. But it would be an insult to the idea of
>"security" to include mcrypt in PHP 7.
>
>The
