[development] RFC: letting modules phone home to check for new releases
Gerhard Killesreiter
gerhard at killesreiter.de
Wed Nov 22 01:42:34 UTC 2006
Derek Wright wrote:
>
> On Nov 21, 2006, at 10:13 AM, Oswald Jaskolla wrote:
>
>> So, what do you think?
>
> i hope you don't take this personally, by i'm *very* opposed to the kind
> of system you're building.
>
> the security implications of giving your website permission to overwrite
> itself automatically are *HORRIFYING*. i'd never install such a thing,
> and i'd never advocate anyone else should install such a thing.
The underlying idea is so silly I'd not want us to host the resulting
code on drupal.org.
> the kind of system i'm building is just an automated way to tell the
> human site admins: "your code is out of date" (and if true, "and
> insecure") and nag them mercilessly until they upgrade the stale
> module(s) to the latest, secure version(s). it's still the human's task
> to perform the upgrade itself.
That's a nice thing and very useful. Do you plan to check if a module
has been altered after download, too?
Cheers,
Gerhard
More information about the development
mailing list