On Thu, 3 Apr 2003, Dan Kalowsky wrote: > On Thursday, April 3, 2003, at 03:46 PM, Wez Furlong wrote: > > How many third-party extensions are out there that have been compiled > > by > > someone other than our official snaps machine/Edin? > > How long have they been available? > > What about mirrors carrying win32 binaries for PHP itself? > Because it's already in practice doesn't automatically mean it's > necessarily correct either.
The point is that there has been plenty of opportunity for someone to screw up in the past; continuing as we are does not increase the risk. > Because we have a pear command to download and install the binaries is > exactly the reason why we have to be careful. If you are now > auto-installing binaries without administrator interaction (beyond the > 'get me this extension' idea), there had better be a way to check the > authenticity of a binary once it's been downloaded. You will find that, in practice, the administrator will be the person running the pear command under win32. > You're right there is nothing we can nor should do to stop idiots from > installing unofficial extensions. But we can and should provide a > means for an administrator to verify authenticity. What's to stop > someone from claiming "go ahead install this extension, it's from PHP > website I downloaded ABC ago"? Yes I realize it's a bad admin > practice, but I also realize it happens (and sometimes it's policy). But that is no different from the current situation. (And thus not inherently more dangerous) > I disagree with regards to signatures, they are not useful for > mirroring only. > > I'm not arguing the reliability of the code, I'm arguing towards the > validity of the download. The validity of the download is partly what I am referring to when I mention mirroring. > > So, its a pretty safe bet that any binaries built by the official > > php.net snaps machine are "certified". So why not make them available > > via snaps.php.net? > > Go ahead make them available. I'd much rather seem them signed and > certified before they are made available though. I think that you will have to settle for signed and implicitly certified when the infrastructure is in place, unless someone volunteers to review every line of code in every pecl package each time it is updated. For now, I see no reason not to make them available (provided that its not too much effort for Edin to set up the build env on the snaps machine). --Wez. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
