On Nov 21, 2006, at 10:13 AM, Oswald Jaskolla wrote:
So, what do you think?
i hope you don't take this personally, by i'm *very* opposed to the kind of system you're building. the security implications of giving your website permission to overwrite itself automatically are *HORRIFYING*. i'd never install such a thing, and i'd never advocate anyone else should install such a thing. the kind of system i'm building is just an automated way to tell the human site admins: "your code is out of date" (and if true, "and insecure") and nag them mercilessly until they upgrade the stale module(s) to the latest, secure version(s). it's still the human's task to perform the upgrade itself. this manual upgrade could itself be further automated, but a high- privileged admin user must run this automated script themselves, just like they have to run update.php themselves. building and providing a tool that can "do it all" for you is asking for security hell, and therefore defeats the purpose of what i'm trying to accomplish (make it easier and therefore more likely for drupal sites to remain secure). anyway, i'm willing to coordinate, and further discuss design/ implementation issues, but i can't emphasize enough how bad i think a fully-automated system for upgrading a drupal site would be. maybe i'm misunderstanding your design/proposal, but after re-reading your message a few times, it's pretty clear you're marching down the path towards what i'd consider "the dark side". ;) sorry, -derek