On 11/17/06, Derek Wright <drupal@dwwright.net> wrote:

i *really* want to get this data into the .info files ASAP so that
there aren't many 5.x contribs out in the wild that are missing it.
however, i don't want to just unilaterally decide the fields and
format of the values without any input from the rest of you.  so,
please comment ASAP here:

http://drupal.org/node/94154


Adding the extra information is a great idea...we have our own little repository / update system, and with a different "home", different sites could, for instance, keep different distributions up to date.

HOWEVER, the phone home and XML-RPC stuff makes me *very* nervous from a security perspective. I would want to have some real hard core folks examine and document information flow end to end and looking for vulnerabilities -- ideally some external folks as well. We will need to review all Drupal.org processes as well as the receiving code.

There has been other talk about auto-downloading various information. Same comment there -- huge security risk, needs 100x as much review, and even then I'm nervous about it....

--
Boris Mann
Vancouver 778-896-2747
San Francisco 415-367-3595
Skype borismann
http://www.bryght.com