New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ext/sodium for PHP 7.2.0 #2560

Closed
wants to merge 1 commit into
base: master
from

Conversation

@paragonie-scott
Contributor

paragonie-scott commented Jun 6, 2017

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 6, 2017

Contributor

Please drop EXPERIMENTAL as obviously no more experimental....

Contributor

remicollet commented Jun 6, 2017

Please drop EXPERIMENTAL as obviously no more experimental....

Show outdated Hide outdated ext/sodium/LICENSE
[libsodium](https://github.com/jedisct1/libsodium).
Full documentation here:
[Using Libsodium in PHP Projects](https://paragonie.com/book/pecl-libsodium),

This comment has been minimized.

@bukka

bukka Jun 8, 2017

Contributor

Are there any plans to move docs to PHP?

@bukka

bukka Jun 8, 2017

Contributor

Are there any plans to move docs to PHP?

This comment has been minimized.

@paragonie-scott

paragonie-scott Jul 10, 2017

Contributor

Yes. That would be a very good idea.

@paragonie-scott

paragonie-scott Jul 10, 2017

Contributor

Yes. That would be a very good idea.

PHP_FUNCTION(sodium_memzero)
{
zval *buf_zv;

This comment has been minimized.

@bukka

bukka Jun 8, 2017

Contributor

could the tab between tab and var be replaced with a single space to keep it more or less consistent with other exts.

@bukka

bukka Jun 8, 2017

Contributor

could the tab between tab and var be replaced with a single space to keep it more or less consistent with other exts.

This comment has been minimized.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

I wish spaces could be used instead of having to mix tab and spaces.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

I wish spaces could be used instead of having to mix tab and spaces.

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

This is not mixing of spaces and tabs. Indentation is always with tabs and alignment with spaces, otherwise it is impossible to ensure consistent formatting across different tab configurations. You are already encountering this effect here on GitHub. Tabs are the best choice for indentation, because they allow configuration, but that is exactly not what you want when you carefully align code for readability, hence spaces are the best here. 😺

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

This is not mixing of spaces and tabs. Indentation is always with tabs and alignment with spaces, otherwise it is impossible to ensure consistent formatting across different tab configurations. You are already encountering this effect here on GitHub. Tabs are the best choice for indentation, because they allow configuration, but that is exactly not what you want when you carefully align code for readability, hence spaces are the best here. 😺

This comment has been minimized.

@bukka

bukka Jun 15, 2017

Contributor

@jedisct1 Personally I prefer spaces for indentation. However much more important thing is to keep the coding style consistent. In most extensions and core, there is just a single spaces...

@bukka

bukka Jun 15, 2017

Contributor

@jedisct1 Personally I prefer spaces for indentation. However much more important thing is to keep the coding style consistent. In most extensions and core, there is just a single spaces...

zval *buf_zv;
if (zend_parse_parameters(ZEND_NUM_ARGS(),
"z", &buf_zv) == FAILURE) {

This comment has been minimized.

@bukka

bukka Jun 8, 2017

Contributor

wouldn't be better to indent it with less tabs? I think that 2 tabs (3 with the function indent) should be enough.

@bukka

bukka Jun 8, 2017

Contributor

wouldn't be better to indent it with less tabs? I think that 2 tabs (3 with the function indent) should be enough.

@LinuzLuzas LinuzLuzas referenced this pull request Jun 9, 2017

Closed

Php 7.0 #2571

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 12, 2017

Contributor

=> remicollet@167bbb6

@weltling please check config.w32

BTW, I agree on changing license to PHP one, @paragonie-scott what do you think ?

Contributor

remicollet commented Jun 12, 2017

=> remicollet@167bbb6

@weltling please check config.w32

BTW, I agree on changing license to PHP one, @paragonie-scott what do you think ?

@jedisct1

This comment has been minimized.

Show comment
Hide comment
@jedisct1

jedisct1 Jun 12, 2017

Contributor

Is changing the license a requirement?

I'd like to stick to the BSD license, if compatible with PHP requirements. Or else, have it dual licensed.

Contributor

jedisct1 commented Jun 12, 2017

Is changing the license a requirement?

I'd like to stick to the BSD license, if compatible with PHP requirements. Or else, have it dual licensed.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 12, 2017

Contributor

PHP License is a BSD License, only changed to add the PHP name protection clause.

Contributor

remicollet commented Jun 12, 2017

PHP License is a BSD License, only changed to add the PHP name protection clause.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 12, 2017

Contributor

Is changing the license a requirement?

Probably no, but I have no real answer, can you please raise this on Internals ?

Contributor

remicollet commented Jun 12, 2017

Is changing the license a requirement?

Probably no, but I have no real answer, can you please raise this on Internals ?

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 12, 2017

Contributor

@paragonie-scott @jedisct1 BTW, if you are OK with my changes, I will merge it soon (at least, I'd like to see this before alpha2)

Contributor

remicollet commented Jun 12, 2017

@paragonie-scott @jedisct1 BTW, if you are OK with my changes, I will merge it soon (at least, I'd like to see this before alpha2)

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet
Contributor

remicollet commented Jun 13, 2017

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet
Contributor

remicollet commented Jun 15, 2017

@Fleshgrinder
  • Formatting is inconsistent, often off (hint: tab for indentation and spaces for alignment), and not optimized for readability.
  • Exception messages are inconsistent and mostly not helpful for the user.
  • Many optional constants and functions, library providers can never be sure what is available and what isn't. This leads to many defined and function_exists checks and pollutes user-level code. I don't know why this is like that, I guess it depends on the sodium library version. In that case it seems better to define a minimum version, rather than having optional features.

PS: Function names are hard to understand (e.g. scalarmult, kx). I know that this is done to be a direct copy of the underlying library. I still believe that this is wrong.

Show outdated Hide outdated ext/sodium/libsodium.c
Show outdated Hide outdated ext/sodium/libsodium.c
/* optional */
ZEND_ARG_INFO(0, key)
ZEND_ARG_INFO(0, length)
ZEND_END_ARG_INFO()

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Would be great if the argument info declarations are close to their respective functions. I also believe that it would be better to use type constraints, instead of just taking mixed types.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Would be great if the argument info declarations are close to their respective functions. I also believe that it would be better to use type constraints, instead of just taking mixed types.

Show outdated Hide outdated ext/sodium/libsodium.c
Show outdated Hide outdated ext/sodium/libsodium.c
PHP_FUNCTION(sodium_increment);
PHP_FUNCTION(sodium_add);
PHP_FUNCTION(sodium_memcmp);
PHP_FUNCTION(sodium_memzero);

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Defining the functions in the header is bad practice.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Defining the functions in the header is bad practice.

Show outdated Hide outdated ext/sodium/php_libsodium.h
@@ -0,0 +1,2682 @@

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

PHP license header?

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

PHP license header?

(unsigned long long) ciphertext_len,
nonce, key) != 0) {
zend_string_free(msg);
RETURN_FALSE;

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Why not an exception at this point?

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Why not an exception at this point?

This comment has been minimized.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

Same here. Not a bug, likely not something the developers has to fix.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

Same here. Not a bug, likely not something the developers has to fix.

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Same as above, not a bug, but your function failed and should communicate that. Exceptions have nothing to do with bugs.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Same as above, not a bug, but your function failed and should communicate that. Exceptions have nothing to do with bugs.

return;
}
if (ciphertext_len < crypto_secretbox_MACBYTES) {
RETURN_FALSE;

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Why not an exception at this point?

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

Why not an exception at this point?

This comment has been minimized.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

It's not a misuse.

Some possibly user-supplied data cannot be decrypted. That's normal, and should probably not trigger an exception, just like strcmp() doesn't throw an exception if the strings don't match.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

It's not a misuse.

Some possibly user-supplied data cannot be decrypted. That's normal, and should probably not trigger an exception, just like strcmp() doesn't throw an exception if the strings don't match.

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

strcmp is a bad example, as it does not use exceptions in the first place, and opts for error codes. You are using exceptions on the other hand.

Exceptions are not meant to point out something that requires fixing, in that case an error is asked for (or even a fatal error, depending on the severity). Exceptions indicate that your routine was not able to perform its duty and uphold its promise, in this case decoding something. The caller can catch that exception and try to recover, according to her domain.

Your current API violates this and requires double error handling:

try {
    if (sodium_crypto_secretbox_open('foo', 'bar', 'baz') === false) {
        // could not open, handle problem ...
    } else {
        // successfully opened, continue flow ...
    }
} catch (SodiumException $e) {
    // Actually an InvalidArgumentException ...
}

You might ask now why InvalidArgumentException is an exception and not an error. We cannot tell whether it was a user-level developer mistake or end-user supplied data that lead to the problem, hence, we throw an exception which allows the user-level developer to take appropriate action. This could be an error message that is displayed to the end-user.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

strcmp is a bad example, as it does not use exceptions in the first place, and opts for error codes. You are using exceptions on the other hand.

Exceptions are not meant to point out something that requires fixing, in that case an error is asked for (or even a fatal error, depending on the severity). Exceptions indicate that your routine was not able to perform its duty and uphold its promise, in this case decoding something. The caller can catch that exception and try to recover, according to her domain.

Your current API violates this and requires double error handling:

try {
    if (sodium_crypto_secretbox_open('foo', 'bar', 'baz') === false) {
        // could not open, handle problem ...
    } else {
        // successfully opened, continue flow ...
    }
} catch (SodiumException $e) {
    // Actually an InvalidArgumentException ...
}

You might ask now why InvalidArgumentException is an exception and not an error. We cannot tell whether it was a user-level developer mistake or end-user supplied data that lead to the problem, hence, we throw an exception which allows the user-level developer to take appropriate action. This could be an error message that is displayed to the end-user.

This comment has been minimized.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

This could be an error message that is displayed to the end-user. that's exactly what applications using crypto should avoid.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

This could be an error message that is displayed to the end-user. that's exactly what applications using crypto should avoid.

This comment has been minimized.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

The double error handling looks fine to me. They cover very different cases. The former is not an error. And most people will not even try to catch the exception, which is fine as well, as it will only be thrown on misuse.

@jedisct1

jedisct1 Jun 15, 2017

Contributor

The double error handling looks fine to me. They cover very different cases. The former is not an error. And most people will not even try to catch the exception, which is fine as well, as it will only be thrown on misuse.

This comment has been minimized.

@paragonie-scott

paragonie-scott Jun 15, 2017

Contributor

For future bikeshedding purposes: s/should/must/?

@paragonie-scott

paragonie-scott Jun 15, 2017

Contributor

For future bikeshedding purposes: s/should/must/?

This comment has been minimized.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

@paragonie-scott this is in informal discussion and not a standard. People should understand that every comment expresses a personal opinion and not the law.

@jedisct1 once more, the invalid arguments should result in an InvalidArgumentException and not a SodiumException, as the latter would indicate that sodium was unable to perform its duty.

Returning false is fine if you guys prefer a procedural interface, but in that case all functions should do so consistently. This would mean that the SodiumException is deleted and proper exceptions from SPL are used that convey the desired meaning:

  • InvalidArgumentException for invalid arguments
  • LengthException for the various length related stuff
  • Error for the various unknown internal error things
  • OverflowException/UnderflowException for the arithmetic problems

The SodiumException as it stands now has no meaning, as it is a catch-all for any- and everything related to the sodium extension without conveying any meaning.

@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

@paragonie-scott this is in informal discussion and not a standard. People should understand that every comment expresses a personal opinion and not the law.

@jedisct1 once more, the invalid arguments should result in an InvalidArgumentException and not a SodiumException, as the latter would indicate that sodium was unable to perform its duty.

Returning false is fine if you guys prefer a procedural interface, but in that case all functions should do so consistently. This would mean that the SodiumException is deleted and proper exceptions from SPL are used that convey the desired meaning:

  • InvalidArgumentException for invalid arguments
  • LengthException for the various length related stuff
  • Error for the various unknown internal error things
  • OverflowException/UnderflowException for the arithmetic problems

The SodiumException as it stands now has no meaning, as it is a catch-all for any- and everything related to the sodium extension without conveying any meaning.

@weltling

This comment has been minimized.

Show comment
Hide comment
@weltling

weltling Jun 15, 2017

Contributor

@remicollet

if (CHECK_LIB("libsodium.lib", "libsodium", PHP_LIBSODIUM) && CHECK_HEADER_ADD_INCLUDE("sodium.h", "CFLAGS_LIBSODIUM"))

still PHP_SODIUM and "CFLAGS_SODIUM" it should be. If i haven't overseen something, it should be it. But otherwise, probably would make sense to check Appveyor as well. I'll be checking after it's merged, but it might be quite short before tag.

Thanks.

Contributor

weltling commented Jun 15, 2017

@remicollet

if (CHECK_LIB("libsodium.lib", "libsodium", PHP_LIBSODIUM) && CHECK_HEADER_ADD_INCLUDE("sodium.h", "CFLAGS_LIBSODIUM"))

still PHP_SODIUM and "CFLAGS_SODIUM" it should be. If i haven't overseen something, it should be it. But otherwise, probably would make sense to check Appveyor as well. I'll be checking after it's merged, but it might be quite short before tag.

Thanks.

@nikic

This comment has been minimized.

Show comment
Hide comment
@nikic

nikic Jun 15, 2017

Member

@Fleshgrinder Thanks for the review. Just a procedural note to avoid confusion: We'd like to get this merged first and then perform any necessary cleanup or improvements after that, otherwise this is going to hang around forever. This PR should only deal with the remaining build system issues and not try to do any larger code changes.

Member

nikic commented Jun 15, 2017

@Fleshgrinder Thanks for the review. Just a procedural note to avoid confusion: We'd like to get this merged first and then perform any necessary cleanup or improvements after that, otherwise this is going to hang around forever. This PR should only deal with the remaining build system issues and not try to do any larger code changes.

@Fleshgrinder

This comment has been minimized.

Show comment
Hide comment
@Fleshgrinder

Fleshgrinder Jun 15, 2017

Contributor

@nikic thanks for the heads up. In that case my remarks should be disregarded. I am happy to help with these smaller things, as some changes (e.g. type constraints) must be performed before the final release of 7.2 or they will result in a BC discussion.

Contributor

Fleshgrinder commented Jun 15, 2017

@nikic thanks for the heads up. In that case my remarks should be disregarded. I am happy to help with these smaller things, as some changes (e.g. type constraints) must be performed before the final release of 7.2 or they will result in a BC discussion.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 16, 2017

Contributor

Rather (commits squashed/ammended) remicollet@a784069

@paragonie-scott can you pull above commit into this PR ?

Contributor

remicollet commented Jun 16, 2017

Rather (commits squashed/ammended) remicollet@a784069

@paragonie-scott can you pull above commit into this PR ?

@nikic

This comment has been minimized.

Show comment
Hide comment
@nikic

nikic Jun 16, 2017

Member

@remicollet I've added you to the PHP organization, so you should be able to directly push to PRs in the future.

Member

nikic commented Jun 16, 2017

@remicollet I've added you to the PHP organization, so you should be able to directly push to PRs in the future.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 16, 2017

Contributor

@nikic thanks, will be very helpful

Contributor

remicollet commented Jun 16, 2017

@nikic thanks, will be very helpful

@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jun 16, 2017

Contributor

@remicollet I got a lot of merge conflicts when I tried to pull your changes in. Would your rather send a superseding PR?

Contributor

paragonie-scott commented Jun 16, 2017

@remicollet I got a lot of merge conflicts when I tried to pull your changes in. Would your rather send a superseding PR?

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 16, 2017

Contributor
Contributor

remicollet commented Jun 16, 2017

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jun 19, 2017

Contributor

@paragonie-scott have you tried to merge my branch ? or only the single commit ?
The second should work...

wget https://github.com/remicollet/php-src/commit/a78406954f06ebc84cea396f20842f201ce8997d.patch
git am a78406954f06ebc84cea396f20842f201ce8997d.patch
Contributor

remicollet commented Jun 19, 2017

@paragonie-scott have you tried to merge my branch ? or only the single commit ?
The second should work...

wget https://github.com/remicollet/php-src/commit/a78406954f06ebc84cea396f20842f201ce8997d.patch
git am a78406954f06ebc84cea396f20842f201ce8997d.patch
@nikic

This comment has been minimized.

Show comment
Hide comment
@nikic

nikic Jun 23, 2017

Member

I've pushed remi's changes to the PR.

Member

nikic commented Jun 23, 2017

I've pushed remi's changes to the PR.

return;
}
if (len1 != len2) {
zend_throw_exception(sodium_exception_ce, "memcmp(): arguments have different sizes", 0);

This comment has been minimized.

@jhdxr

jhdxr Jun 29, 2017

Contributor

I think the message should be "memcmp(): arguments should have same size", since we tell users what we except, like other error messages in this file.

@jhdxr

jhdxr Jun 29, 2017

Contributor

I think the message should be "memcmp(): arguments should have same size", since we tell users what we except, like other error messages in this file.

@sgolemon

This comment has been minimized.

Show comment
Hide comment
@sgolemon

sgolemon Jun 29, 2017

Contributor

@jedisct1 I'm not sure how looped into the conversation you've been, I've been using @paragonie-scott as my go-between because I wasn't clear who owned ext-sodium, but the LICENSE issue is probably our main blockers at this point. Anything to do with fixing up the code can be addressed post-merge, but pulling in an extension that's not under the PHP license would be unprecedented, so we'd like if you could re-license the extension to the PHP license.

If that's a blocker for you, we can potentially take the BSD license as-is, but to quote part of the internals conversation on the topic:

"""We copy and paste code between extensions. If different extensions use different copyrights doing this "correctly" becomes complicated. If all PHP-related code is using PHP License and copyright by The PHP Group this becomes easier."""

Naturally, this would not impact the license of libsodium itself, and you would retain your place in the CREDITS file.

Contributor

sgolemon commented Jun 29, 2017

@jedisct1 I'm not sure how looped into the conversation you've been, I've been using @paragonie-scott as my go-between because I wasn't clear who owned ext-sodium, but the LICENSE issue is probably our main blockers at this point. Anything to do with fixing up the code can be addressed post-merge, but pulling in an extension that's not under the PHP license would be unprecedented, so we'd like if you could re-license the extension to the PHP license.

If that's a blocker for you, we can potentially take the BSD license as-is, but to quote part of the internals conversation on the topic:

"""We copy and paste code between extensions. If different extensions use different copyrights doing this "correctly" becomes complicated. If all PHP-related code is using PHP License and copyright by The PHP Group this becomes easier."""

Naturally, this would not impact the license of libsodium itself, and you would retain your place in the CREDITS file.

@nikic

This comment has been minimized.

Show comment
Hide comment
@nikic

nikic Jun 30, 2017

Member

@sgolemon As far as I'm aware relicensing of code is always tricky business requiring individual sign-off from all contributors. And what is being suggested here seems to go beyond a simple licensing change -- your quote also implies a transferal of copyright to the PHP group. I don't think that's a reasonable requirement, and it seems like even sketchier legal ground.

Member

nikic commented Jun 30, 2017

@sgolemon As far as I'm aware relicensing of code is always tricky business requiring individual sign-off from all contributors. And what is being suggested here seems to go beyond a simple licensing change -- your quote also implies a transferal of copyright to the PHP group. I don't think that's a reasonable requirement, and it seems like even sketchier legal ground.

@sgolemon

This comment has been minimized.

Show comment
Hide comment
@sgolemon

sgolemon Jun 30, 2017

Contributor

https://github.com/jedisct1/libsodium-php/graphs/contributors has 13 contributors. 7 of these are trivial contributions. Of the remaining 5 (not counting @jedisct1), it's: You, @paragonie-scott, and @remicollet who are all trivial to get sign-off from, leaving @xor-zz and @wlejon to track down. That's pretty minimal.

Do you have a better solution?

Contributor

sgolemon commented Jun 30, 2017

https://github.com/jedisct1/libsodium-php/graphs/contributors has 13 contributors. 7 of these are trivial contributions. Of the remaining 5 (not counting @jedisct1), it's: You, @paragonie-scott, and @remicollet who are all trivial to get sign-off from, leaving @xor-zz and @wlejon to track down. That's pretty minimal.

Do you have a better solution?

@wlejon

This comment has been minimized.

Show comment
Hide comment
@wlejon

wlejon Jun 30, 2017

the work I did was also trivial - but if you need something from me, I'm happy to provide.

wlejon commented Jun 30, 2017

the work I did was also trivial - but if you need something from me, I'm happy to provide.

@jedisct1

This comment has been minimized.

Show comment
Hide comment
@jedisct1

jedisct1 Jun 30, 2017

Contributor

I guess we don't have any choice to have that code merged. The PHP license can be added to the current one so that the code is dual licensed.

Contributor

jedisct1 commented Jun 30, 2017

I guess we don't have any choice to have that code merged. The PHP license can be added to the current one so that the code is dual licensed.

@sgolemon

This comment has been minimized.

Show comment
Hide comment
@sgolemon

sgolemon Jun 30, 2017

Contributor

@jedisct1 As I said, """If that's a blocker for you, we can potentially take the BSD license as-is""". The potential part of that means you're going to need to be present and responsive in the conversation, however. First, that means reading (which you don't seem to have) and responding (which you've done little of). @remicollet asked you to raise this issue on internals@ weeks ago and you neither responded to that here, nor raised the issue there.

Am I being a jerk about it right now? Yes. Because this RFC has been approved since February, yet at this rate we're going to end up hitting feature freeze without a merge because even the code review issues are being responded to in glacial time. I'm willing to clean the code up after merge, but licensing is important, and I'm not going to touch this code without a solid answer on licensing that protects the rest of php-src.

I'll translate your answer above as, "No, I refuse to change the license to PHP" which again, is fine. You also state you're willing to amend/qualify the license in some way, that's also doable. Unfortunately, I'm not a lawyer, and I'm also not the final authority for PHP. For both these reasons, this conversation needs to happen on the internals list.

Contributor

sgolemon commented Jun 30, 2017

@jedisct1 As I said, """If that's a blocker for you, we can potentially take the BSD license as-is""". The potential part of that means you're going to need to be present and responsive in the conversation, however. First, that means reading (which you don't seem to have) and responding (which you've done little of). @remicollet asked you to raise this issue on internals@ weeks ago and you neither responded to that here, nor raised the issue there.

Am I being a jerk about it right now? Yes. Because this RFC has been approved since February, yet at this rate we're going to end up hitting feature freeze without a merge because even the code review issues are being responded to in glacial time. I'm willing to clean the code up after merge, but licensing is important, and I'm not going to touch this code without a solid answer on licensing that protects the rest of php-src.

I'll translate your answer above as, "No, I refuse to change the license to PHP" which again, is fine. You also state you're willing to amend/qualify the license in some way, that's also doable. Unfortunately, I'm not a lawyer, and I'm also not the final authority for PHP. For both these reasons, this conversation needs to happen on the internals list.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet
Contributor

remicollet commented Jun 30, 2017

@sgolemon

This comment has been minimized.

Show comment
Hide comment
@sgolemon

sgolemon Jun 30, 2017

Contributor

Or with threading for the whole picture: https://externals.io/thread/945 ;)

But again, please don't post responses here. Post them on internals@. If you post them here, then someone has to repeat your arguments there and that will just slow things down.

Contributor

sgolemon commented Jun 30, 2017

Or with threading for the whole picture: https://externals.io/thread/945 ;)

But again, please don't post responses here. Post them on internals@. If you post them here, then someone has to repeat your arguments there and that will just slow things down.

@jedisct1

This comment has been minimized.

Show comment
Hide comment
@jedisct1

jedisct1 Jul 1, 2017

Contributor

Ok, how do we change the license then?

Contributor

jedisct1 commented Jul 1, 2017

Ok, how do we change the license then?

@sgolemon

This comment has been minimized.

Show comment
Hide comment
@sgolemon

sgolemon Jul 2, 2017

Contributor

But again, please don't post responses here. Post them on internals@. If you post them here, then someone has to repeat your arguments there and that will just slow things down.

Contributor

sgolemon commented Jul 2, 2017

But again, please don't post responses here. Post them on internals@. If you post them here, then someone has to repeat your arguments there and that will just slow things down.

@paragonie-scott paragonie-scott referenced this pull request Jul 6, 2017

Closed

Licensing #127

13 of 13 tasks complete

@cmckni3 cmckni3 referenced this pull request Jul 6, 2017

Closed

HHVM Support #24

@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jul 7, 2017

Contributor

We have unanimous consent from everyone who has contributed any changes to that repository, so let's make it happen.

Contributor

paragonie-scott commented Jul 7, 2017

We have unanimous consent from everyone who has contributed any changes to that repository, so let's make it happen.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jul 9, 2017

Contributor

@paragonie-scott can you please add the standard license headers and squash the commit ?

Contributor

remicollet commented Jul 9, 2017

@paragonie-scott can you please add the standard license headers and squash the commit ?

@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jul 10, 2017

Contributor

@remicollet Done and done.

Contributor

paragonie-scott commented Jul 10, 2017

@remicollet Done and done.

@weltling

This comment has been minimized.

Show comment
Hide comment
@weltling
Contributor

weltling commented Jul 10, 2017

@paragonie-scott

This comment has been minimized.

Show comment
Hide comment
@paragonie-scott

paragonie-scott Jul 10, 2017

Contributor

Okay, will fix that ASAP.

Can we make all future corrections after it's merged?

Contributor

paragonie-scott commented Jul 10, 2017

Okay, will fix that ASAP.

Can we make all future corrections after it's merged?

@weltling

This comment has been minimized.

Show comment
Hide comment
@weltling

weltling Jul 10, 2017

Contributor

I don't mind, only mentioned this as it doesn't even compile on AppVeyor. No bikeshedding here :) I could fix it after it's merged as well.

Thanks.

Contributor

weltling commented Jul 10, 2017

I don't mind, only mentioned this as it doesn't even compile on AppVeyor. No bikeshedding here :) I could fix it after it's merged as well.

Thanks.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jul 11, 2017

Contributor

Thanks for you patience.

Merged

Contributor

remicollet commented Jul 11, 2017

Thanks for you patience.

Merged

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jul 11, 2017

Contributor

BTW, can you check the "Authors" line in the header, I don't think this is correct

Contributor

remicollet commented Jul 11, 2017

BTW, can you check the "Authors" line in the header, I don't think this is correct

@remicollet remicollet closed this Jul 11, 2017

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet Jul 11, 2017

Contributor

Hmm.. travis failure
E: Unable to locate package libsodium-dev

Despite seems to exist, https://packages.debian.org/search?keywords=libsodium&searchon=names

Contributor

remicollet commented Jul 11, 2017

Hmm.. travis failure
E: Unable to locate package libsodium-dev

Despite seems to exist, https://packages.debian.org/search?keywords=libsodium&searchon=names

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet
Contributor

remicollet commented Jul 11, 2017

@glensc glensc referenced this pull request Jul 21, 2017

Closed

[Meta] PHP 7.2 features #2907

1 of 7 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment