On Sun, Aug 1, 2010 at 6:27 PM, K. Peachey <p858snake(a)yahoo.com.au> wrote:
No I'm saying not to use a automated update
version within a extension
which for example has been shown to break things in other web based
packages (Wordpress has apparently fixed it since the horrible times
when i last attempted).
I don't follow you.
What about the maintenance scripts people have
to run? such as the updater, alot of people on shared hosting can't do
those as it is without re-running the installer since they aren't
allowed ssh access and ours aren't designed to be run from within the
browser window.
Obviously, that would be changed.
So every-time someone that creates/modifies a
extension wants to
update its version number? which is why it was recommended to go wiki
base, but that as well has it flaws.
I really don't think it would be a good idea to allow unvetted code to
be downloaded and installed automatically. That's too easy for an
attacker to abuse. But it's probably a reasonable tradeoff for some
people. I don't know, I'm probably not going to be working on this
anytime soon, so I don't make the decisions.