New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please consider to deprecate MCrypt usage #3

Closed
remicollet opened this Issue Jul 7, 2015 · 4 comments

Comments

Projects
None yet
4 participants
@remicollet

remicollet commented Jul 7, 2015

Zend\Crypt\Symmetric\MCrypt rely on libmcrypt and php-mcrypt/

Libmcrypt is a dead cow, unmaintained for ~8 year, rely on such things can't be serious.

I understand it is not easy to drop such feature, especially for applications using ZF2, but probably it could be possible to deprecate this class, to encourage user to switch to something else, and to be able to drop it later.

@remicollet

This comment has been minimized.

Show comment
Hide comment
@remicollet

remicollet commented Jul 7, 2015

@Ocramius

This comment has been minimized.

Show comment
Hide comment
@Ocramius

Ocramius Jul 7, 2015

Member

This can most probably be done for zend-crypt 3.x

Member

Ocramius commented Jul 7, 2015

This can most probably be done for zend-crypt 3.x

@gianarb

This comment has been minimized.

Show comment
Hide comment
@gianarb

gianarb Jul 7, 2015

Yes.. We can maintain this feature into the 2.* and we remove it to 3.*

gianarb commented Jul 7, 2015

Yes.. We can maintain this feature into the 2.* and we remove it to 3.*

@ezimuel

This comment has been minimized.

Show comment
Hide comment
@ezimuel

ezimuel Jul 16, 2015

Member

@remicollet I know that libmcrypt is basically a dead project but there was not good alternative in PHP at that time. I'm considering to switch to openssl for ZF 3.x but we should continue to mantain the MCrypt extension for ZF 2.x, until we don't find security issue on it.

Member

ezimuel commented Jul 16, 2015

@remicollet I know that libmcrypt is basically a dead project but there was not good alternative in PHP at that time. I'm considering to switch to openssl for ZF 3.x but we should continue to mantain the MCrypt extension for ZF 2.x, until we don't find security issue on it.

@ezimuel ezimuel closed this Jul 16, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment