On Sun, Aug 1, 2010 at 6:27 PM, K. Peachey <[email protected]> wrote: > No I'm saying not to use a automated update version within a extension > which for example has been shown to break things in other web based > packages (Wordpress has apparently fixed it since the horrible times > when i last attempted).
I don't follow you. > What about the maintenance scripts people have > to run? such as the updater, alot of people on shared hosting can't do > those as it is without re-running the installer since they aren't > allowed ssh access and ours aren't designed to be run from within the > browser window. Obviously, that would be changed. > So every-time someone that creates/modifies a extension wants to > update its version number? which is why it was recommended to go wiki > base, but that as well has it flaws. I really don't think it would be a good idea to allow unvetted code to be downloaded and installed automatically. That's too easy for an attacker to abuse. But it's probably a reasonable tradeoff for some people. I don't know, I'm probably not going to be working on this anytime soon, so I don't make the decisions. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
