On Mon, Nov 3, 2008 at 11:00 AM, Ryan Boren <[EMAIL PROTECTED]> wrote: > We go through pains to make sure we're compatible with a secure site. > Unlike other upgraders, it does not require that files be writable by > the webserver. Nor does it change permissions via FTP so that files > can be written by the webserver.
These two statements are fundamentally at odds here. If the files are not writable by the webserver, then they cannot be overwritten by a copy operation. In other words, if owner does not have +w, then it fails. > We try to make sure direct is used only when files created by the webserver > have the same owner as the WP files. In other words, upgrade core only uses direct in cases where you're running suPHP (or similar method)? While this is many hosts, it's certainly not *all* hosts. And even then, it's generally not a good idea to leave your files writable. True, the webserver is running as the owner, so it can change permissions too, but many scripts don't do that. And some popular plugins (notably WP-Super-Cache) actively warns against it in those cases, as it complains that the files are writable by the webserver. -Otto _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
