On Thu, Feb 6, 2014 at 8:01 AM, Stas Malyshev <[email protected]> wrote:
> Hi!
>
>> We do not have to over react here, it is, for a change, that there is
>> clear consensus about the need or wish for this feature. It is not a
>> trivial thing to implement but we have time to make it rock solid
>> until final 5.6.0.
>
> There's a consensus about the feature as it was proposed,
For what I see there is one:
https://wiki.php.net/rfc/timing_attack
> but when all
> kind of things start to be added to it, that eventually becomes a
> different feature from one that was voted on.
What I mean is that the need of a function to do hash equality tests
with time attacks protection got a positive consensus. The
implementation details are indeed subject to change and will certainly
get updates until 5.6.0 final, and surely afterwards as well.
> If the proposal is not
> ready, then the vote should be delayed. If it's ready then the constant
> stream of changes, tweaks and additions looks strange - it's really hard
> to know what the vote is actually about.
There are a couple of caveats that need to be solved. Not sure it
needs a new vote but that should not be a problem to redo it. My point
is that such feature seems to be desired for 5.6 and we should try to
make sure it gets in, as long as it is possible.
Cheers,
--
Pierre
@pierrejoye | http://www.libgd.org