<br><br><div><span class="gmail_quote">On 11/17/06, <b class="gmail_sendername">Derek Wright</b> <<a href="mailto:drupal@dwwright.net">drupal@dwwright.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>i *really* want to get this data into the .info files ASAP so that<br>there aren't many 5.x contribs out in the wild that are missing it.<br>however, i don't want to just unilaterally decide the fields and<br>format of the values without any input from the rest of you. so,
<br>please comment ASAP here:<br><br><a href="http://drupal.org/node/94154">http://drupal.org/node/94154</a></blockquote><div><br><br>Adding the extra information is a great idea...we have our own little repository / update system, and with a different "home", different sites could, for instance, keep different distributions up to date.
<br><br>HOWEVER, the phone home and XML-RPC stuff makes me *very* nervous from a security perspective. I would want to have some real hard core folks examine and document information flow end to end and looking for vulnerabilities -- ideally some external folks as well. We will need to review all
<a href="http://Drupal.org">Drupal.org</a> processes as well as the receiving code.<br><br>There has been other talk about auto-downloading various information. Same comment there -- huge security risk, needs 100x as much review, and even then I'm nervous about it....
<br></div></div><br>-- <br>Boris Mann<br>Vancouver 778-896-2747<br>San Francisco 415-367-3595<br>Skype borismann<br><a href="http://www.bryght.com">http://www.bryght.com</a>