

Custodians of PHP vote to keep a crypto lib abandoned in 2003 in PHP 7 - DarwinIsGod
http://thefsb.tumblr.com/post/110639027905/custodians-of-php-vote-to-keep-a-crypto-lib

======
leeoniya
I dont understand the compat-centric decisions being made for major version
changes. It's as if the user-base count is the #1 priority. Many gridlock
arguments because of this :(

Things as simple as fixing ternary associativity that has been broken and
discouraged forever are basically DOA because it may break some tiny % of code
that relies on broken behavior. They have a valid point that simply fixing it
will break code in silent ways. So there was a possibility of making it _un_
associative in 7.0, throwing a warning and only fixing it for real in _5
years_ during the next major cycle. I don't know if this migration path will
even happen.

~~~
jbob2000
>I dont understand the compat-centric decisions being made for major version
changes

Compatibility is the only thing PHP has going for it right now. It feels like
the only PHP apps out there are 'legacy' ones, new projects are written in
newer stuff.

~~~
cweagans
Nonsense. People are writing things in PHP all the time. You just don't hear
about it because it's not the cool, new, shiny thing of the week.

Over 34,000 repos created on Github since Jan 1 that have PHP as the main
language:
[https://github.com/search?utf8=✓&q=created%3A%3E2015-01-01+l...](https://github.com/search?utf8=✓&q=created%3A%3E2015-01-01+language%3APHP&type=Repositories&ref=searchresults)

~~~
thefsb
cweagans is right. PHP is deeply unfashionable, ridiculous even to some
programmers using other langauges. But quietly, somewhere out of sight, it has
been enjoying something of a renaissance in recent years. Generally I'm
pleased with changes in the culture, tools, standards and even in the
language. But just can't get behind this decision to keep mcrypt.

------
cweagans
You know, this same guy wrote before about a framework making a radical BC-
breaking change: [http://thefsb.tumblr.com/post/44942894313/zurb-
foundation-4-...](http://thefsb.tumblr.com/post/44942894313/zurb-
foundation-4-betrayal)

Seems like he just enjoys getting mad at people about their decisions. There's
reasons for this decision, and as a PHP developer, I see why tearing out
mcrypt could be problematic. Pretty lame that he's shitting all over these
guys because they did their job and made a judgement call.

------
thefsb
It appears those with a vote regard adoption of PHP 7 as the higher priority
and therefore compat with existing code using mcrypt must be ensured.
[http://news.php.net/php.internals/82191](http://news.php.net/php.internals/82191)

~~~
jessaustin
I haven't used php, but the situation described at that link is
_codependence_.

    
    
      a: "Most of our users don't care about security."
      b: "OK then they can continue using old broken versions."
      a: "No, then they won't be secure! Therefore it must be easy to upgrade."
      b: "How?"
      a: "By not making the proposed security improvements."
    

This seems like a recipe for losing any users that _do_ care about security,
which is not a viable strategy over the long term.

------
jdhawk
This fuels the adoption of Hack/HHVM.

PHP folks need to remove head from ass. (disclaimer: I love PHP - as a
language)

