[ciapug] phar
Colin Burnett
cmlburnett at gmail.com
Tue Sep 2 19:10:13 CDT 2008
On Tue, Sep 2, 2008 at 2:19 PM, Eric Junker <eric at eric.nu> wrote:
> Has anyone had a chance to play around with phar?
> http://us.php.net/phar
I have to admit that my first response was: oh my god..... *gasp*.
Reading some of the details it seems basically like a rip-off of
Java's JAR. Files plus manifest with optional signature. Except
JAR's signature cryptographically ensures the integrity where as
phar's signature is basically just a checksum (which I see no reason
why it couldn't be maliciously changed). I don't know java nor JARs
so that's from my understanding of wikipedia.
I look forward to the Wikipedia article on "phar hell" to match JAR
hell and DLL hell. Especially since there's nothing in the phar to
indicate version of the contents. It would appear the PHP team
learned nothing of DLL hell (I hope they've heard of it otherwise
history *will* repeat itself again) and why .NET has assemblies and a
GAC.
When you reinvent the wheel...don't forget the axle!
Colin
More information about the ciapug
mailing list