Hey all Am 08.07.24 um 07:05 schrieb Juliette Reinders Folmer:
The only one I can see is cleaning up the codebase and removing duplicate methods.On 8-7-2024 6:57, Andreas Heigl wrote:Am 08.07.24 um 05:04 schrieb Juliette Reinders Folmer: [...]I also don't agree that there are "more appropriate replacements available". The suggested `hash()` replacements for the md5/sha1* functions have the exact same functionality, which the RFC considers "incorrect use", so what are we actually solving by this deprecation ? Devs not having enough to do already ? The problem (for open source) with "force-replacing" the uses of `md5/sha1*` functions with the `hash` function calls, is that the hash extension was not part of PHP core until PHP 7.4, which means that for a significant number of open source projects, the replacement is not a one-on-one function call replacement, but needs guard code for PHP < 7.4 in case the hash extension is not available.From the docs it looks like the hash function was part of the core since php 5.1.2 but perhaps I read that wrongly from the docs.Anyhow, a replacement could possibly be to declare a userland function that then does the version check and either calls the respective function directly or delegates to the hash-function.Agreed, but the fact that it is solvable, is not a justification for adding "busy-work" when the replacement for the deprecated function is, by all accounts, just as bad/incorrect as the original....I don't mind putting the work in when there is a good justification, but I don't see one for this deprecation.
But the RFC definitely states that it is to "encourage users to use a secure hash functions, instead of using an insecure algorithm"
Which is fine. But I am totally with you that deprecating a function by encouraging users to use the same insecure algorithm via a different function is ... an interesting take to say the least.
So with *that* argumentation I am also in the camp to say 'thanks, but no thanks' to that part of the RFC.
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:[email protected] N 50°22'59.5" E 08°23'58" |
| https://andreas.heigl.org |
+---------------------------------------------------------------------+
| https://hei.gl/appointmentwithandreas |
+---------------------------------------------------------------------+
| GPG-Key: https://hei.gl/keyandreasheiglorg |
+---------------------------------------------------------------------+
OpenPGP_signature.asc
Description: OpenPGP digital signature
