On 2 August 2010 00:29, Aryeh Gregor <Simetrical+wikilist(a)gmail.com> wrote:
On Sun, Aug 1, 2010 at 6:27 PM, K. Peachey
<p858snake(a)yahoo.com.au> wrote:
> So every-time someone that creates/modifies a
extension wants to
> update its version number? which is why it was recommended to go wiki
> base, but that as well has it flaws.
I really don't think it would be a good idea to
allow unvetted code to
be downloaded and installed automatically. That's too easy for an
attacker to abuse. But it's probably a reasonable tradeoff for some
people. I don't know, I'm probably not going to be working on this
anytime soon, so I don't make the decisions.
That's how WordPress does it - pretty much everyone runs WP with a
metric buttload of extensions, so they're in the phoning home and
one-click update cycle too. MediaWiki tends to get festooned with
extensions as well, so users would probably like this in there.
A quick glance at the WP site docs didn't answer the question of how
(or if) they secure this process. Asking would probably be good
(whoever's doing the updater work).
- d.