[development] RFC: letting modules phone home to check for new releases

Gerhard Killesreiter gerhard at killesreiter.de
Wed Nov 22 01:42:34 UTC 2006

Derek Wright wrote:
> On Nov 21, 2006, at 10:13 AM, Oswald Jaskolla wrote:
>> So, what do you think?
> i hope you don't take this personally, by i'm *very* opposed to the kind 
> of system you're building.
> the security implications of giving your website permission to overwrite 
> itself automatically are *HORRIFYING*.  i'd never install such a thing, 
> and i'd never advocate anyone else should install such a thing.

The underlying idea is so silly I'd not want us to host the resulting 
code on drupal.org.

> the kind of system i'm building is just an automated way to tell the 
> human site admins: "your code is out of date" (and if true, "and 
> insecure") and nag them mercilessly until they upgrade the stale 
> module(s) to the latest, secure version(s).  it's still the human's task 
> to perform the upgrade itself.

That's a nice thing and very useful. Do you plan to check if a module 
has been altered after download, too?


More information about the development mailing list