On Nov 21, 2006, at 5:54 PM, Sammy Spets wrote:
The file must be manually created prior to the upgrade though a way to generate the file is provided.
you lost me. ;) if the admin has to manually type in the random key to allow the "automatic" update to do its thing, what's the point of calling it "automatic" and giving the website filesystem write access to clobber itself? why not just say "human intervention is REQUIRED"? 1) put site into system maintenance mode 2) backup DB and filesystem 3) run some "fetch_latest.php" script that knows all your installed modules, downloads the updated tarballs, unpacks them into place, etc 4) run update.php 5) test to make sure life is good 6) leave system maintenance mode and return to live operation. i'm happy to see steps #2 and #3 as automated as possible, but #3 should definitely run as the high-privileged admin's uid, not the uid of the webserver process itself. anything less would be uncivilized... ;) -derek