[development] RFC: letting modules phone home to check for new releases

Boris Mann boris at bryght.com
Thu Nov 23 17:53:03 UTC 2006

On 11/22/06, Darren Oh <darrenoh at sidepotsinternational.com> wrote:
> On Nov 22, 2006, at 5:04 PM, Darrel O'Pry wrote:
> > write perms to modules directory from drupal as web server user is
> > really hard for me to swallow....
> >
> > any package managers like script should be run from the command line as
> > a privileged user. should do its set job and be bullet proof.
> Let's not forget that very few users use the command line to work
> with Drupal. Let's also not make unnecessary assumptions about how an
> automated module install or upgrade would work. The security issues
> will be worked out if people share more ideas for how it can be done
> than for how it can't be done.

It's likely that the best path is command line tools first -- "the market"
can build whatever GUI tools are desired on top of it. At some point, some
of those may make it to Drupal directly, but taking the responsibility for
remote upgrades is not something I would not necessarily want to expose the
community to.

Lots of people are still thinking about individual websites. Think
Fantastico and other host scripts that can drive command line hooks into
Drupal as privileged users.

Other options -- like pointing your website at different repositories
(supported by Derek's outlined framework) -- are also taken into

> Oswald was asking to collaborate. The negative reactions give the
> impression that some people would rather work on their own. Not very
> open source. Am I missing some history here?

No, you're not....you're missing frustration with a core (in both senses of
the word) group of people who have played nice and developed stuff directly
for the core of Drupal, undergoing excruciating levels of issue threads to
have all their work torn apart and improved upon. And then someone drops in
with an alternate system.

What would have been nice: Review the existing threads, post new issues
pointing to sandbox / module code, and integrate. That can still
happen....there is likely some good code to be integrated.

Secondly, Oswald didn't cover much in the nature of security. That's what I
put my 2¢ in on....security, security, security.

Boris Mann
Vancouver 778-896-2747
San Francisco 415-367-3595
Skype borismann