Ouch, thanks for wasting a few of my brain cells. This is why do dont add
stupid code to core.
My web server doesnt have curl installed, nor does it have /usr/bin/local/
You havent bothered to think your code through. Why dont you un-fuck your
code, configure it as an extension and go from there? at that point you can
find out exactly how many site your going to break. Once you have a stable
reviewed extension we can *think* about merging it to core.
On Wed, Jun 11, 2014 at 11:21 AM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
On Wed, Jun 11, 2014 at 11:05 AM, Zack Weinberg
<zackw(a)cmu.edu> wrote:
Well, it makes *me* wince because you're
directing people to pull code
over the network and feed it straight to the PHP interpreter, probably
as root, without inspecting it first. And the site is happy to send
it to you via plain HTTP, which means a one-character typo gives an
active attacker a chance to pwn your entire installation.
It's over HTTPS. As long as you trust that
getcomposer.org is the domain
you are looking for, this is really no different than installing via a
package manager.
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l