Gentoo Archives: gentoo-dev

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-dev@l.g.o
Subject: Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs)
Date: Sat, 04 Aug 2018 15:26:06
In Reply to: Re: mcrypt status (Re: [gentoo-dev] Idea for a new project: gentoo-libs) by "Hanno Böck"
1 On 2018-08-04 16:29, Hanno Böck wrote:
2 >> Do you have any evidence that mcrypt should not be used?
3 > Well, PHP was as far as I'm aware its main user and PHP has declared
4 > mcrypt support to be deprecated a while ago.
6 In all fairness:
8 Yes, PHP project has removed ext/mcrypt from core, but they only
9 moved it into an own PECL extension. My point here is, that they
10 did not drop and prune mcrypt from universe due to security
11 vulnerabilities.
13 Anyone interested in this should read the following posting [1].
15 tl;dr
16 Like most crypto libs, mcrypt isn't easy to use and you will
17 likely do something wrong. In favor of a better solutions which
18 should prevent such a misuse, mcrypt was deprecated.
21 See also:
22 =========
23 [1]
26 --
27 Regards,
28 Thomas Deutschmann / Gentoo Linux Developer
29 C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5


File name MIME type
signature.asc application/pgp-signature