JanZerebecki added a comment. I'm all for getting rid of packagist.org for anything that is involved in developing and building for production wikidata.org for reliability and security reasons.
As to the why we use it: I wasn't involved in that decision, but I imagine simply because everyone else using composer is doing it. In https://phabricator.wikimedia.org/T96659#1223623, @thiemowmde wrote: > - Manual retriggers are possible on Packagist, but only for the owner. (Why? > Afraid of DoS? Doesn't make sense.) Only the owner can make releases, why would anyone else need to retrigger? There is a feature request for supporting multiple accounts instead of requiring one with shared password: https://github.com/composer/packagist/issues/461 > - https://packagist.org/profile/ (a crucial part of the documentation that's > not readable when you are not logged in; what a FAIL) explains how to set up > a "service hook". Selected actions on GitHub will then trigger Packagist. Please report this upstream ( https://github.com/composer/packagist ). TASK DETAIL https://phabricator.wikimedia.org/T96659 REPLY HANDLER ACTIONS Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign <username>. EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: JanZerebecki Cc: JanZerebecki, JeroenDeDauw, Tobi_WMDE_SW, Lydia_Pintscher, thiemowmde, Aklapper, Wikidata-bugs, aude _______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
