merch-redmine / jeremyevans.net wrote:
> normalperson (Eric Wong) wrote:
> >  While I don't care for #crypt, I'd like to move some tiny exts
> >  like fiber, io/wait, io/nonblock directly into core; because
> >  DSOs increase memory usage and slow down startup:
> >  
> >  	https://udrepper.livejournal.com/8790.html

> Note that DSOs only increase memory usage and slow down
> startup if they are actually used.  This would increase memory
> usage and slow down startup for users of String#crypt.
> However, this would decrease memory usage and speed up startup
> for the 99.9%+ of ruby users that do not use String#crypt,
> since it would result in a smaller libruby.

Problem is right now we have no idea how many people use
String#crypt and how they will be affected by its deprecation.
It will take several years to know that, as we have seen
regressions which don't get reported for several releases
because distros (and users) are slow to upgrade.

Even with deprecation warnings, it can be too annoying to some
regular users who don't write code and just run some Ruby apps.

There's a lot of stuff I'd remove from Ruby to reduce footprint
and startup times first :)

> Note that not removing String#crypt also has risks.  Mainly it
> risks unsuspecting users using it without understanding that
> doesn't really provide security.  I think we are doing a
> disservice to those users by basically promoting an insecure
> approach.  Most code that would be broken by the removal of
> String#crypt is insecure and should probably be updated.

I don't disagree, but we need to educate developers, first;
instead of just annoying _users_ who don't write or maintain code.

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>