Ouch, thanks for wasting a few of my brain cells. This is why do dont add stupid code to core.
My web server doesnt have curl installed, nor does it have /usr/bin/local/ You havent bothered to think your code through. Why dont you un-fuck your code, configure it as an extension and go from there? at that point you can find out exactly how many site your going to break. Once you have a stable reviewed extension we can *think* about merging it to core. On Wed, Jun 11, 2014 at 11:21 AM, Tyler Romeo <[email protected]> wrote: > On Wed, Jun 11, 2014 at 11:05 AM, Zack Weinberg <[email protected]> wrote: > > > Well, it makes *me* wince because you're directing people to pull code > > over the network and feed it straight to the PHP interpreter, probably > > as root, without inspecting it first. And the site is happy to send > > it to you via plain HTTP, which means a one-character typo gives an > > active attacker a chance to pwn your entire installation. > > > > It's over HTTPS. As long as you trust that getcomposer.org is the domain > you are looking for, this is really no different than installing via a > package manager. > > *-- * > *Tyler Romeo* > Stevens Institute of Technology, Class of 2016 > Major in Computer Science > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
