Re: [RFC] [VOTE] Deprecations for PHP 8.4

From:	Larry Garfield	Date:	Fri, 26 Jul 2024 14:20:00 +0000
Subject:	Re: [RFC] [VOTE] Deprecations for PHP 8.4
References:	1 2 3 4 5 6 7 8	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

On Fri, Jul 26, 2024, at 11:11 AM, Christoph M. Becker wrote:
> On 26.07.2024 at 12:03, Gina P. Banyard wrote:
>
>> Stephen Rees-Carter, a security expert that has performed countless security audits on
>> Wordpress and Laravel websites, would like to disagree with the fact that it is not enough of a good
>> reason. [1]
>> A warning on a documentation page is useless, as nobody is forced to read it.
>
> Right, but even a deprecation notice is likely to be ignored by those
> (either use the shut-up operator, or use hash("md5), or maybe a polyfill
> to support old PHP versions), so the deprecation wouldn't help in such
> cases.
>
> (I've recently seen a new release of a software which still uses
> <https://www.openwall.com/phpass/>. 
> Apparently, the notice to prefer
> the password_*() API has been ignored or overlooked.)
>
> On the other hand, I'm quite confident that a deprecation could be
> useful for some developers, who would at least reconsider the use of
> md5/sha1 hashes, but just have overlooked this; although some static
> analysis should report respective issues.  However, there is certainly
> code without any static analysis, where at least this discussion appears
> to be helpful, e.g. our php-sdk-binary-tools might reconsider their use
> of md5() and md5(uniqid())[2].
>
> Note that I'm not against these deprecations, but I'm also not strongly
> in favor.  I see valid arguments from both proponents and opponents.
>
>> [1] https://x.com/valorin/status/1816593881791860963
>
> [2] <https://github.com/php/php-sdk-binary-tools/issues/21>
>
> Cheers,
> Christoph

One thing to remind people about, the deprecations for md5(), sha1(), and uniqid() explicitly say
they cannot be outright removed before PHP 10.  That's at least 6 years away.  That gives a
loooooong time for documentation, tutorials, instructions, and code to be updated.

That long deprecation period is the reason why I was comfortable voting yes.  This isn't
something that would happen tomorrow.  It would be in at least two presidential elections from now.

--Larry Garfield


   

Thread (97 messages)

• Gina P. BanyardFri, 19 Jul 2024 17:39:55 +0000
  • Jakub ZelenkaMon, 22 Jul 2024 10:59:53 +0000
    • Jakub ZelenkaMon, 22 Jul 2024 11:39:24 +0000
    • Christoph M. BeckerTue, 23 Jul 2024 14:32:47 +0000
    • Jakub ZelenkaSun, 28 Jul 2024 17:44:53 +0000
  • Derick RethansMon, 22 Jul 2024 16:04:23 +0000
    • Peter StalmanWed, 24 Jul 2024 03:58:56 +0000
      • MorganWed, 24 Jul 2024 22:01:15 +0000
        • Peter StalmanThu, 25 Jul 2024 05:33:28 +0000
        • Rowan Tommins [IMSoP]Thu, 25 Jul 2024 21:34:08 +0000
          • Nick LockheartThu, 25 Jul 2024 22:00:51 +0000
            • Mike SchinkelThu, 25 Jul 2024 22:26:51 +0000
            • Juliette Reinders FolmerThu, 25 Jul 2024 22:44:20 +0000
              • Nick LockheartThu, 25 Jul 2024 22:54:53 +0000
                • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 06:44:17 +0000
                  • Rob LandersFri, 26 Jul 2024 14:47:52 +0000
          • Mike SchinkelThu, 25 Jul 2024 22:22:17 +0000
          • MorganFri, 26 Jul 2024 23:58:17 +0000
            • Rowan Tommins [IMSoP]Sat, 27 Jul 2024 12:36:54 +0000
              • MorganSat, 27 Jul 2024 22:14:32 +0000
                • Rob LandersSat, 27 Jul 2024 22:25:49 +0000
                  • Tim DüsterhusTue, 30 Jul 2024 20:26:19 +0000
                    • Mike SchinkelWed, 31 Jul 2024 01:07:57 +0000
                      • MorganWed, 31 Jul 2024 21:15:58 +0000
                        • Mike SchinkelFri, 02 Aug 2024 06:34:46 +0000
                          • MorganFri, 02 Aug 2024 10:31:52 +0000
                          • Nick LockheartSun, 04 Aug 2024 11:42:19 +0000[RFC] Add Directive to Make All Namespaced Function Calls Global
                            • Christoph M. BeckerSun, 04 Aug 2024 12:08:22 +0000Re: [RFC] Add Directive to Make All Namespaced Function CallsGlobal
                              • Rowan Tommins [IMSoP]Mon, 05 Aug 2024 21:20:59 +0000Re: [RFC] Add Directive to M ake All Namespaced Function CallsGlobal
                            • Marco PivettaSun, 04 Aug 2024 12:23:23 +0000
                            • Ilija ToviloSun, 04 Aug 2024 17:15:43 +0000
                              • Nick LockheartSun, 04 Aug 2024 17:29:25 +0000
                                • Ilija ToviloSun, 04 Aug 2024 18:13:44 +0000
                                  • Nick LockheartSun, 04 Aug 2024 18:39:40 +0000
                                    • Ilija ToviloSun, 04 Aug 2024 20:01:22 +0000
                                      • Nick LockheartMon, 05 Aug 2024 08:22:08 +0000
                                        • Ilija ToviloMon, 05 Aug 2024 11:04:45 +0000
                                          • Nick LockheartMon, 05 Aug 2024 12:27:23 +0000
                                            • Ilija ToviloMon, 05 Aug 2024 13:07:56 +0000
                                              • Nick LockheartMon, 05 Aug 2024 13:33:17 +0000
                                                • Ilija ToviloMon, 05 Aug 2024 18:49:16 +0000
                                                  • Rob LandersMon, 05 Aug 2024 19:37:32 +0000
                • Rowan Tommins [IMSoP]Sun, 28 Jul 2024 06:42:29 +0000
                  • Kamil TekielaSun, 28 Jul 2024 12:24:34 +0000
                    • Tim DüsterhusTue, 30 Jul 2024 19:52:26 +0000
                  • MorganMon, 29 Jul 2024 01:19:20 +0000
                  • Tim DüsterhusTue, 30 Jul 2024 20:57:58 +0000
                    • Rowan Tommins [IMSoP]Wed, 31 Jul 2024 21:38:33 +0000
              • Mike SchinkelSun, 28 Jul 2024 03:54:10 +0000
                • MorganMon, 29 Jul 2024 01:19:23 +0000
                  • Mike SchinkelMon, 29 Jul 2024 04:11:54 +0000
                  • Rowan Tommins [IMSoP]Mon, 29 Jul 2024 06:47:12 +0000
                    • MorganMon, 29 Jul 2024 20:00:37 +0000
                      • Rowan Tommins [IMSoP]Mon, 29 Jul 2024 22:04:35 +0000
      • Tim DüsterhusThu, 25 Jul 2024 15:33:16 +0000
        • Nick LockheartThu, 25 Jul 2024 17:28:51 +0000
          • Tim DüsterhusThu, 25 Jul 2024 18:35:38 +0000
        • Peter StalmanFri, 26 Jul 2024 06:35:14 +0000
          • Peter StalmanFri, 26 Jul 2024 07:09:40 +0000
            • Gina P. BanyardFri, 26 Jul 2024 10:03:53 +0000
              • Reinis RozitisFri, 26 Jul 2024 10:55:31 +0000RE: [PHP-DEV] [RFC] [VOTE] Deprecations for PHP 8.4
              • Benjamin AußenhoferFri, 26 Jul 2024 11:10:46 +0000
              • Christoph M. BeckerFri, 26 Jul 2024 11:11:39 +0000
                • Larry GarfieldFri, 26 Jul 2024 14:20:00 +0000
                  • BilgeFri, 26 Jul 2024 14:34:17 +0000
                  • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 17:33:20 +0000
                    • Christoph M. BeckerSat, 27 Jul 2024 11:24:12 +0000
                      • Mike SchinkelSun, 28 Jul 2024 04:33:18 +0000
                        • Tim DüsterhusTue, 30 Jul 2024 19:24:29 +0000
                      • Tim DüsterhusTue, 30 Jul 2024 19:20:24 +0000
                        • Christoph M. BeckerTue, 30 Jul 2024 21:43:25 +0000
                    • Tim DüsterhusTue, 30 Jul 2024 19:15:30 +0000
                      • Rowan Tommins [IMSoP]Wed, 31 Jul 2024 21:13:45 +0000
                        • Christoph M. BeckerWed, 31 Jul 2024 21:49:44 +0000
                  • Juliette Reinders FolmerSat, 27 Jul 2024 00:18:10 +0000
                    • Tim DüsterhusTue, 30 Jul 2024 19:04:11 +0000
              • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 12:02:49 +0000
              • Mike SchinkelSat, 27 Jul 2024 01:11:49 +0000Re: [RFC] [VOTE] Deprecations for PHP 8.4 — Use a carrot, not a stick.
                • Mike SchinkelSat, 27 Jul 2024 01:18:14 +0000
                • Peter StalmanSat, 27 Jul 2024 10:01:56 +0000Re: [RFC] [VOTE] Deprecation s for PHP 8.4 — Use a carrot, not a stick.
          • Tim DüsterhusFri, 26 Jul 2024 11:58:48 +0000
            • Rob LandersFri, 26 Jul 2024 12:50:58 +0000
              • Tim DüsterhusFri, 26 Jul 2024 13:02:42 +0000
                • Rob LandersFri, 26 Jul 2024 13:25:28 +0000
              • Nick LockheartFri, 26 Jul 2024 20:13:28 +0000
            • Rowan Tommins [IMSoP]Fri, 26 Jul 2024 13:13:10 +0000
              • Christoph M. BeckerFri, 26 Jul 2024 14:27:53 +0000
              • Tim DüsterhusTue, 30 Jul 2024 19:00:05 +0000
            • Peter StalmanSat, 27 Jul 2024 09:54:12 +0000
  • Matthew Weier O'PhinneyTue, 23 Jul 2024 13:42:06 +0000
    • Larry GarfieldTue, 23 Jul 2024 14:04:18 +0000
      • Christoph M. BeckerTue, 23 Jul 2024 14:41:27 +0000
        • Larry GarfieldTue, 23 Jul 2024 14:54:30 +0000
      • Matthew Weier O'PhinneyTue, 23 Jul 2024 16:00:40 +0000
        • Larry GarfieldTue, 23 Jul 2024 16:26:59 +0000
          • Mike SchinkelWed, 24 Jul 2024 09:47:54 +0000
  • Gina P. BanyardSun, 04 Aug 2024 15:49:42 +0000