Hi Leigh,
On 2/8/15, 12:33 PM, "Leigh" wrote:
>
>Are we happy to accept that we'll lose access to some of mcrypts
>ciphers if we do this? I'd suspect most real world usage of php-mcrypt
>is to implement AES anyway, so most users would be covered.
I hope your suspicion is right.
I'd be happy to
On 8 February 2015 at 17:03, Pierre Joye wrote:
> I agree with Derick about wrapping ext/mcrypt around OpenSSL or other to
> keep it around for BC. I simply do not have the resources to make that
> happen so someone has to jump on it (Derick?)
>
Are we happy to accept that we'll lose access to so
On Feb 8, 2015 10:44 PM, "Tom Worster" wrote:
>
> Hi Yasuo, Pierre,
>
> Thank you both for the updates.
>
> I expect the vote to remove mcrypt can be shifted towards "yes" if some
> campaigning effort is made. I made a start in another thread.
>
> Assuming that mcrypt goes, as it should, we are le
Hi Yasuo, Pierre,
Thank you both for the updates.
I expect the vote to remove mcrypt can be shifted towards "yes" if some
campaigning effort is made. I made a start in another thread.
Assuming that mcrypt goes, as it should, we are left with a problem. The
PHP user doesn't have a platform-indepe
Hi Pierre,
On Sun, Feb 8, 2015 at 3:51 PM, Pierre Joye wrote:
> Not sure what this RFC is (did not dig the list as the link is wrong).
> However the latest on the topic is here and it is does not look
> remotely close to a approval:
>
> https://wiki.php.net/rfc/removal_of_dead_sapis_and_exts
>
On Sun, Feb 8, 2015 at 1:43 PM, Yasuo Ohgaki wrote:
> Hi Pierre,
>
> On Sun, Feb 8, 2015 at 3:04 PM, Pierre Joye wrote:
>>
>> On Feb 8, 2015 12:48 PM, "Yasuo Ohgaki" wrote:
>>
>> >> 2. What's going to happen to mcrypt?
>> >>
>> >> I see the vote to excise it did not pass. Does this mean that (i.
Hi Pierre,
On Sun, Feb 8, 2015 at 3:04 PM, Pierre Joye wrote:
> On Feb 8, 2015 12:48 PM, "Yasuo Ohgaki" wrote:
>
> >> 2. What's going to happen to mcrypt?
> >>
> >> I see the vote to excise it did not pass. Does this mean that (i.e.
> >> imply that) PHP's plan is to keep a security lib that has
On Feb 8, 2015 12:48 PM, "Yasuo Ohgaki" wrote:
>> 2. What's going to happen to mcrypt?
>>
>> I see the vote to excise it did not pass. Does this mean that (i.e.
>> imply that) PHP's plan is to keep a security lib that hasn't been
>> maintained for 8 years for the next 5+ years?
>
>
> Removed.
> A
Hi Tom,
On Sun, Feb 8, 2015 at 4:24 AM, Tom Worster wrote:
> 1. Will there be a portable API for getting random bytes from the
> platform's CSPRNG?
>
> https://wiki.php.net/ideas/php6 lists as an addition: "Reliable,
> userfriendly RNG APIs: Provide a userfriendly and reliable RNG APIs,
> availa
