On 09/09/16 11:30, Niklas Keller wrote:
>> Back to PEAR ... what happens if I simply install a copy of composer
>> centrally and rename it 'PEAR'.
> 
> Why rename it to PEAR? It's a different tool. Just call it Composer as it's
> named.

My point was just that, as has already been established, composer can do
the same thing as PEAR. All that matters is that everybody is working
from the same global installation. The composer.json/composer.lock that
controls a particular installed application is secure to that
application, not an individual's account.

>> composer.phar simply gets installed
>> centrally and any new tech has access without having to install their
>> own copy.
> 
> That's entirely fine as said. New tech should still install their own
> version of the repository and install the dependencies there.

Then you have never had a full security audit of your systems! A new
user should NEVER install their own version of anything relating to the
running system. THAT is a potential hole in the security of the system.
The new user should simply be given access to the locked down code
already installed.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
