On Fri, Jul 30, 2010 at 10:28 PM, K. Peachey <p858snake(a)yahoo.com.au> wrote:
I would highly unrecommended having the update
feature in there, we
already highly recommend against running as a db user with certain
admins rights amongst other things, this feature will probably end up
breaking more installs then updating (and yes I know wordpress has it,
and I know how many times i've had to fix their botch updates), and
not all installs would have the required modules that it needs
(cURL/wGet comes to mind on IIS setups which some people use). Nor
should we be assigning the update right or giving messages to the
admin group by default, since most people that are admins are non
technical and will just click any bright button that has messages
along the lines of "omg update me now" without thinking if it will
break something (Perhaps we should un-deprecate the developer
usergroup for this).
If I'm interpreting this right, you're saying that upgrades can break
stuff, so people should stick to versions with known security flaws.
This is a defensible position in practice, but it doesn't justify
making upgrades unnecessarily hard. It would be a good thing if
typical admins could easily upgrade, without needing FTP access and so
forth. If they choose not to, that's their choice, but if they want
to upgrade, they should be able to do so easily.
On Fri, Jul 30, 2010 at 10:55 PM, K. Peachey <p858snake(a)yahoo.com.au> wrote:
You would also need to be vigilant and make sure
people don't
vandalize the information, For example if a spam version change got
entered and broke someones installed.
Any kind of auto-update mechanism should be hardcoded to retrieve only
from a specific Wikimedia URL and only over HTTPS, and the contents of
that URL should only be changeable by sysadmins. Or at least the
checksum should be retrieved that way.