hi Remi, On Wed, Dec 10, 2014 at 5:33 PM, Remi Collet <r...@fedoraproject.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Le 05/12/2014 17:17, Scott Arciszewski a écrit : >> Hi PHP Internals, >> >> I've been trying to get in contact with the maintainers of >> libmcrypt, but every response I've gotten was, "Oh, I haven't been >> a part of that for years." >> >> http://sourceforge.net/projects/mcrypt/files/Libmcrypt/ >> >> The last update to libmcrypt was in 2007. There are bug fixes in >> their issue tracker collecting dust. > > Having a dead upstream for crypto API is a critical issue :( > > FYI some downstream (ex RHEL) don't even provide this library. > Already too much crypto libraries, and it will be a mess to provide a > dead project in an Enterprise distribution. > > So php/mcrypt also not available. > > But most applications. which use it, usually have alternative, and > make it optional (ex phpMyAdmin 4.3 now even use openssl as first choice). > > We probably have enough crypto API in PHP, and we probably should mark > this one as deprecated / unmaintained in 5.x, and move it to PECL (7.x).
I think it is yet another candidate for removal, like imap. It could became even more critical if some serious flaws will be found in libmcrypt and never get fixed. Cheers, -- Pierre @pierrejoye | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
