jasonhinkle / php-gpg

GPG / PGP port written in pure PHP with no binary dependencies

phpDocs #28

Closed Maikuolan closed 8 years ago

Maikuolan commented 8 years ago

I'm playing around a little with the code at the moment on my local machine (haven't yet committed anything), and with that, thought I'd have a go at trying to do a bit of PSR and phpDoc work on it, if this is something you'd be okay with. :-)

(I've noticed, too, that certly was working on cleaning up some of the code; what was being done looked interesting, and a fair amount of work had already been done, but consequent commits have also since already been pushed to the parent, so the fork doesn't seem to be automatically mergeable anymore.)

I had a quick question, too, regarding one particular phpDoc comment in the code, currently located at GPG.php:L17.

* @copyright 1997-2012 VerySimple, Inc.

Should this be changed to:

* @copyright 1997-2016 VerySimple, Inc.

(To reflect that work is still currently being done on php-gpg), or left as is?

DanielRuf commented 8 years ago

I think * @copyright 1997-2016 VerySimple, Inc. and contributors makes sense.

Regarding phpDocs, this might be useful.

I do not know if we still need the dev branch as we now have builds and the difference between both is just the comments afaik.

I would wait with PSR. We still have at least one big problem, the usage of AES with the ECB mode; CBC mode would be much more secure.

Generally I would like to migrate to https://github.com/singpolyma/openpgp-php or something else in the future but there are also some questions open https://github.com/singpolyma/openpgp-php/issues/19 as this has more features, is more secure.

I only use the library for personal projects like the honeypots to send me the encrypted files from the honeypot to prevent antivirus scanners from deleting the attachment for further analysis.

I just need encryption and so the other features (which may also be a security risk like decryption using a private key in the source code).

Scott is right https://github.com/jasonhinkle/php-gpg/issues/23

Maybe it makes sense to rename the library some time in the future to something like gpgencrypt or else but this is just my opinion about the name and not on the todo list.

I think it makes sense to join forces with Ian from Certly to fix the problems and merge the changes. https://github.com/iangcarroll https://twitter.com/iangcarroll

Maikuolan commented 8 years ago

Good points. I didn't realise @singpolyma had further progress with their repo (this is good news), and also, it would be disappointing to see the work done by @certly / @iangcarroll going to waste. All things considered (and that the other repo has more progress), I agree; it would make sense to eventually rename this to something like gpgencrypt or similar.

I'll hold off for the moment, then. :-)

(Thoughts, everyone? @jasonhinkle?)

Maikuolan commented 8 years ago

I'd forgotten that this issue was still open.

In lieu of recent news and developments related to this project, I don't think this issue is relevant anymore, and so, I'll close it now.

DanielRuf commented 8 years ago

Right. As a collaborator I can do some things but not access the settings of the repository and other accounts, for example the one at Composer.

I will definitely keep the repository published (this is also what I planned before) and have already added some information about the current status of the repository to the readme.

Other alternative libraries are much more secure, actively maintained and should be used for current and future projects.