Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71421

Move php-sodium recommendation back to requirement




      In the 3.11 requirements issues (MDL-69308 and MDL-70363) it was initially agreed to make the php-sodium extension a requirement for Moodle.

      But, in the very same issues, it was finally decided to lower it to be only a recommendation and that was done @ MDL-71420.

      Part of that issue and the decisions taken was that the "lowering" was only a temporal solution and, as soon as a new LTS was released (4.1), the requirement would be back, removing the current fallback (less strong crypto-code) allowing Moodle to work without php-sodium.

      For more information about the discussions and rationale for the changes, please visit the linked issues.

      So this is issue is about to:
      1) Make php-sodium a requirement for 4.2 (1st version after LTS).

      2) Final removal of the fallback code @ lib/classes/encryption.php

      3) Consider what to do with the decrypt() method that may need to continue supporting the openssl fallback forever. Alternatively is to convert, in upgrade, all the encrypted contents to the new, sodium, alternative, but I'm not sure if that's possible.

      Note this will need to be linked to the "4.2 moodle requirements" issue whenever it becomes created.


        Issue Links



              Unassigned Unassigned
              stronk7 Eloy Lafuente (stronk7)
              Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              0 Vote for this issue
              8 Start watching this issue