Ouch, thanks for wasting a few of my brain cells. This is why you don't add stupid code to core.
My web server doesn't have curl installed, nor does it have /usr/bin/local/.
You haven't bothered to think your code through. Why don't you un-fuck your code, configure it as an extension and go from there? At that point you can find out exactly how many sites you're going to break. Once you have a stable reviewed extension we can *think* about merging it to core.
On Wed, Jun 11, 2014 at 11:21 AM, Tyler Romeo <tylerromeo@gmail.com> wrote:
On Wed, Jun 11, 2014 at 11:05 AM, Zack Weinberg <zackw@cmu.edu> wrote:
Well, it makes *me* wince because you're directing people to pull code over the network and feed it straight to the PHP interpreter, probably as root, without inspecting it first. And the site is happy to send it to you via plain HTTP, which means a one-character typo gives an active attacker a chance to pwn your entire installation.
It's over HTTPS. As long as you trust that getcomposer.org is the domain you are looking for, this is really no different than installing via a package manager.
--
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l