On 11/22/06, Darren Oh <darrenoh@sidepotsinternational.com> wrote:
On Nov 22, 2006, at 5:04 PM, Darrel O'Pry wrote:
> write perms to modules directory from drupal as web server user is
> really hard for me to swallow....
>
> any package managers like script should be run from the command
> line as
> a privileged user. should do it's set job and be bullet proof.
Let's not forget that very few users use the command line to work
with Drupal. Let's also not make unnecessary assumptions about how an
automated module install or upgrade would work. The security issues
will be worked out if people share more ideas for how it can be done
than for how it can't be done.
It's likely that the best path is command line tools first -- "the market" can build whatever GUI tools are desired on top of it. At some point, some of those may make it to Drupal directly, but taking the responsibility for remote upgrades is not something I would not necessarily want to expose the community to.
Lots of people are still thinking about individual websites. Think Fantastico and other host scripts that can drive command line hooks into Drupal as privileged users.
Other options -- like pointing your website at different repositories (supported by Derek's outlined framework) -- are also taken into consideration.
Oswald was asking to collaborate. The negative reactions give the
impression that some people would rather work on their own. Not very
open source. Am I missing some history here?