On 11/17/06, Derek Wright <drupal@dwwright.net> wrote:
i *really* want to get this data into the .info files ASAP so that there aren't many 5.x contribs out in the wild that are missing it. however, i don't want to just unilaterally decide the fields and format of the values without any input from the rest of you. so, please comment ASAP here:
Adding the extra information is a great idea...we have our own little repository / update system, and with a different "home", different sites could, for instance, keep different distributions up to date. HOWEVER, the phone home and XML-RPC stuff makes me *very* nervous from a security perspective. I would want to have some real hard core folks examine and document information flow end to end and looking for vulnerabilities -- ideally some external folks as well. We will need to review all Drupal.orgprocesses as well as the receiving code. There has been other talk about auto-downloading various information. Same comment there -- huge security risk, needs 100x as much review, and even then I'm nervous about it.... -- Boris Mann Vancouver 778-896-2747 San Francisco 415-367-3595 Skype borismann http://www.bryght.com