Jump to content

Talk:Requests for comment/Streamlining Composer usage

About this board

Start a new topic
You are not logged in. To receive attribution with your name instead of your IP address, you can log in or create an account.

Review of stated problems

One comment • 01:59, 6 August 2015 9 years ago
1
BDavis (WMF) (talkcontribs)

I'm not sure that I agree with any of the stated problems other than https://phabricator.wikimedia.org/T88211

  • Double review seems theoretical
  • Autoloader updates are automated by composer in either case
  • Cross extension dependencies are not solved by automating Composer builds are they?

Am I incorrect in this analysis?

Reply Edited by Legoktm 01:59, 6 August 2015 9 years ago
Reply to "Review of stated problems"

Composer security

One comment • 22:36, 5 August 2015 9 years ago
1
MModell (WMF) (talkcontribs)

According to https://github.com/composer/composer/issues/38 it would appear that composer does have some rudimentary verification of downloaded tarballs, in the sense that packagist publishes an sha of the download and then composer verifies that the file downloaded from github matches that hash.

Reply 22:36, 5 August 2015 9 years ago
Reply to "Composer security"
There are no older topics
Retrieved from "https://www.mediawiki.org/wiki/Talk:Requests_for_comment/Streamlining_Composer_usage"