On Thu, 3 Apr 2003, Dan Kalowsky wrote:
> I'm of the opinion that once we start down this path it cannot be
> retracted.  Thus, we should take every step possible to ensure it is done
> right, and not in a half-assembled manner as this proposal requests.

How is this different from building any of the other extensions as DLLs
and including them in the snapshot?

> You're right that it's a moot point for 4.3. But if we ever hope to have
> PECL seen as a useful feature/functionality, now is the time to provide a
> stable framework, not after something has gone wrong (and it doesn't have
> to be from something we/PHP have done).  The potential for damage that
> this can cause is high.  It's typically harder to re-gain trust, and this
> is the cause of my hesitation to opening this up.

How many third-party extensions are out there that have been compiled by
someone other than our official snaps machine/Edin?
How long have they been available?
What about mirrors carrying win32 binaries for PHP itself?

Just because we have a pear command to install the binaries, it doesn't
make things any more dangerous than they were before - the end user
could always, at any time, download and install a bogus extension.

We are not responsible for them doing that, and I don't see how our
image could suffer from an idiot installing software from an unofficial
mirror, just because we have a command line tool that helps them install
it.  They need to have enough brains to know the command exists, and
then have enough brains to *type* the URL for the non-PHP.net site that
carries the package.

They could even install it by hand.

Signatures are useful for mirroring purposes only; they just indicate
the binary has not been tampered with since it was signed.  The
signature does not assert anything about the reliability of the code,
unless we put into place a full-blown audit of all PECL packages and
sign with a different certificate.  This will probably become too much
of a burden for our volunteer network, particularly as PECL grows.

However, since a great many people watch the CVS, any outright malicious
code would be detected immediately.

So, it's a pretty safe bet that any binaries built by the official
php.net snaps machine are "certified".  So why not make them available
via snaps.php.net?

We only really need digital signatures on officially released packages.

--Wez.


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
