Shopping Basket would rule... Downloading every add on separately takes muchos time, especially after the first install. I will get rating the addons, once they all work properly
This is open software, so the people that think there are an essential extension list could release their own version which had them pre-installed. I don't see why there couldn't be third-party releases. I could be wrong though?
Yeah, there really does have to be a shopping list or something.
As it is, its a bit of a pain to go through and download each extension you want one at a time. Maybe somebody could put together a system which would keep a listing of all the extensions in plain folder format, then once the user has selected the folders they wanted, it would make copies of those folders and zip them up into one file.
What bergamot said - I remember hearing something about another open source project that tried this and got hacked. Was it wordpress? I remember it was a big security hole nonetheless and caused lots of problems for lots of people.
SMF allow you to upgrade the core from the admin page, and to download and install add-ons as whell. He didn't think to the security in that way. I thought it was the best way to keep up to date. After having to update phpmyadmin 2 time in the same month, I was hoping for they would add this feature to it.
Never thought to the confidence you shouldn't have in that automatic updaters.
ps: a newsletter for security alerts and update for vanilla would be good.
I suggest the user should choose wether he wants core updates or only extensions. And before every update there may be a message "please make a backup" or maybe there is auto-backup for the forum (database).
For security I don't know what exactly could be a problem, but I have ideas: - Include checksums, stored read-only in another place than the official update script. - Copy update to a folder first so that the user forum doesn't need to have write access all along.
Doesn't Symphony do it? Is that what you meant by SMF?
The main thing I'd like is for the update extension to tell me when any of my extensions in the forum are updated in the directory. That would make it much easier to keep track.
I was hugely in favour of the drag-extensions-straight-through-the-forum-idea because i'd never considered the security risk. The only thing i can think of to try and increase security is to use something other than the http protocol to get the extensions (i.e. write something to actually connect to the central server and pull it through (ftp or some such)) but that's probably more work than ideal and i have no idea if it'd be more or less secure.
Comments
vivento posted that just after Mark, and probably didn't see Mark's post before posting.
Thats right, I did! So I didn't realise he had allready said that! (Sorry to disrupt the topic!)
As it is, its a bit of a pain to go through and download each extension you want one at a time. Maybe somebody could put together a system which would keep a listing of all the extensions in plain folder format, then once the user has selected the folders they wanted, it would make copies of those folders and zip them up into one file.
I would love that.
Never thought to the confidence you shouldn't have in that automatic updaters.
ps: a newsletter for security alerts and update for vanilla would be good.
And before every update there may be a message "please make a backup" or maybe there is auto-backup for the forum (database).
For security I don't know what exactly could be a problem, but I have ideas:
- Include checksums, stored read-only in another place than the official update script.
- Copy update to a folder first so that the user forum doesn't need to have write access all along.
The main thing I'd like is for the update extension to tell me when any of my extensions in the forum are updated in the directory. That would make it much easier to keep track.