On Wed, Jun 11, 2014 at 11:05 AM, Zack Weinberg <[email protected]> wrote:
> Well, it makes *me* wince because you're directing people to pull code
> over the network and feed it straight to the PHP interpreter, probably
> as root, without inspecting it first. And the site is happy to send
> it to you via plain HTTP, which means a one-character typo gives an
> active attacker a chance to pwn your entire installation.
>

It's over HTTPS. As long as you trust that getcomposer.org is the domain
you are looking for, this is really no different than installing via a
package manager.

--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
