On Fri, Jul 30, 2010 at 10:28 PM, K. Peachey p858snake@yahoo.com.au wrote:
I would highly unrecommended having the update feature in there, we already highly recommend against running as a db user with certain admins rights amongst other things, this feature will probably end up breaking more installs then updating (and yes I know wordpress has it, and I know how many times i've had to fix their botch updates), and not all installs would have the required modules that it needs (cURL/wGet comes to mind on IIS setups which some people use). Nor should we be assigning the update right or giving messages to the admin group by default, since most people that are admins are non technical and will just click any bright button that has messages along the lines of "omg update me now" without thinking if it will break something (Perhaps we should un-deprecate the developer usergroup for this).
If I'm interpreting this right, you're saying that upgrades can break stuff, so people should stick to versions with known security flaws. This is a defensible position in practice, but it doesn't justify making upgrades unnecessarily hard. It would be a good thing if typical admins could easily upgrade, without needing FTP access and so forth. If they choose not to, that's their choice, but if they want to upgrade, they should be able to do so easily.
On Fri, Jul 30, 2010 at 10:55 PM, K. Peachey p858snake@yahoo.com.au wrote:
You would also need to be vigilant and make sure people don't vandalize the information, For example if a spam version change got entered and broke someones installed.
Any kind of auto-update mechanism should be hardcoded to retrieve only from a specific Wikimedia URL and only over HTTPS, and the contents of that URL should only be changeable by sysadmins. Or at least the checksum should be retrieved that way.