Will any of the Vanilla Addons ever come with the default download?

Krak

I like the shopping cart idea.

a_magical_me

Indeed.

0bvious

Shopping Basket would rule... Downloading every add on separately takes muchos time, especially after the first install. I will get rating the addons, once they all work properly

imathis

Fine with me... just don't call it a shopping basket. Ack!

Jake

Mark just said that there will not be any add-ons added to the core, ever. I really doubt that this is up for debate.

      vivento posted that just after Mark, and probably didn't see Mark's post before posting.

Thats right, I did! So I didn't realise he had allready said that! (Sorry to disrupt the topic!)

krush

You could just add a *few* of the addons to the core... Only joking! ;) Everyone that has used an addon give it a rating.. :)

JoshuaJenkins

This is open software, so the people that think there are an essential extension list could release their own version which had them pre-installed. I don't see why there couldn't be third-party releases. I could be wrong though?

jesusphreak

Yeah, there really does have to be a shopping list or something.

As it is, its a bit of a pain to go through and download each extension you want one at a time. Maybe somebody could put together a system which would keep a listing of all the extensions in plain folder format, then once the user has selected the folders they wanted, it would make copies of those folders and zip them up into one file.

I would love that.

kalikiana

What about copying extensions straight onto ones forum? That would be coool!

Bergamot

There's a security risk involved with letting a link insert arbitrary php code into the extensions folder.

Mark

What bergamot said - I remember hearing something about another open source project that tried this and got hacked. Was it wordpress? I remember it was a big security hole nonetheless and caused lots of problems for lots of people.

Dinoboff

SMF allow you to upgrade the core from the admin page, and to download and install add-ons as whell. He didn't think to the security in that way. I thought it was the best way to keep up to date. After having to update phpmyadmin 2 time in the same month, I was hoping for they would add this feature to it.

Never thought to the confidence you shouldn't have in that automatic updaters.

ps: a newsletter for security alerts and update for vanilla would be good.

Bergamot

It bugs me at the back of my head though; there just has to be a way to do this sort of thing securely.

kalikiana

I suggest the user should choose wether he wants core updates or only extensions.
And before every update there may be a message "please make a backup" or maybe there is auto-backup for the forum (database).

For security I don't know what exactly could be a problem, but I have ideas:
- Include checksums, stored read-only in another place than the official update script.
- Copy update to a folder first so that the user forum doesn't need to have write access all along.

giginger

How does Text Pattern do it? To add addons to that system don't you copy some text or something? It's been a while since I've looked at that system.

Ben

Doesn't Symphony do it? Is that what you meant by SMF?

The main thing I'd like is for the update extension to tell me when any of my extensions in the forum are updated in the directory. That would make it much easier to keep track.

nathan

SMF = small machine forums I think. Symphony does do this though.

Roguefoxx

SMF = Simple Machines Forums

nathan

close. I knew it was something like that. Thanks for clearing it up/

Minisweeper

I was hugely in favour of the drag-extensions-straight-through-the-forum-idea because i'd never considered the security risk. The only thing i can think of to try and increase security is to use something other than the http protocol to get the extensions (i.e. write something to actually connect to the central server and pull it through (ftp or some such)) but that's probably more work than ideal and i have no idea if it'd be more or less secure.