----- Original Message ----- > From: "Yasuo Ohgaki" <yohg...@ohgaki.net> > To: "Joe Watkins" <pthre...@pthreads.org>, "Andrey Andreev" <n...@devilix.net> > Cc: internals@lists.php.net > Sent: Thursday, April 13, 2017 1:07:19 AM > Subject: Re: [PHP-DEV] [RFC][VOTE] Improve hash_hkdf() parameter
> Hi Joe, > > On Wed, Apr 12, 2017 at 7:46 PM, Joe Watkins <pthre...@pthreads.org> wrote: > >> This RFC was left open for 5 days past the end of voting as declared on >> the RFC. >> > > Thank you, I forgot about this. > IMHO, it's a shame for us we should have inconsistent and insecure function > signature for a new function. > > I'm going to update the manual to add warning notes and example usages > like advanced CRFS token dedicated for specific URL with expiration time. > > I can think of length option only usage, but I cannot think usage that could > be useful for majority of PHP users like advanced CSRF token. Is this really something we need in our official docs instead of for example on a personal blog? To be honest I am afraid of ending up with something like the current state of the session docs. Which are imo way too broad / opinionated, non English, contains utterly confusing examples and / or flat out wrong and broken examples. Above already resulted in a stream of docs bugs regarding session pages and a lot of confused readers. By all means describe how functions work, but don't confuse readers with things most people won't ever need or are better suited as a (series of) blog posts / Stack Overflow post(s). My €0.02 cc-ing docs discussion to get them also involved in case somebody of the docs team has an opinion. > Andrey, > > Could you give us some length only and length/info only example > that could be useful for most PHP users. > It should be safe and recommended usage. > I suppose you should have some good examples. > > Thank you. > > -- > Yasuo Ohgaki > yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
