Re: MediaWiki version statistics
Aryeh Gregor <Simetrical+wikilist <at> gmail.com>
2010-08-01 18:14:03 GMT
On Fri, Jul 30, 2010 at 10:28 PM, K. Peachey <p858snake <at> yahoo.com.au> wrote:
> I would highly unrecommended having the update feature in there, we
> already highly recommend against running as a db user with certain
> admins rights amongst other things, this feature will probably end up
> breaking more installs then updating (and yes I know wordpress has it,
> and I know how many times i've had to fix their botch updates), and
> not all installs would have the required modules that it needs
> (cURL/wGet comes to mind on IIS setups which some people use). Nor
> should we be assigning the update right or giving messages to the
> admin group by default, since most people that are admins are non
> technical and will just click any bright button that has messages
> along the lines of "omg update me now" without thinking if it will
> break something (Perhaps we should un-deprecate the developer
> usergroup for this).
If I'm interpreting this right, you're saying that upgrades can break
stuff, so people should stick to versions with known security flaws.
This is a defensible position in practice, but it doesn't justify
making upgrades unnecessarily hard. It would be a good thing if
typical admins could easily upgrade, without needing FTP access and so
forth. If they choose not to, that's their choice, but if they want
to upgrade, they should be able to do so easily.
On Fri, Jul 30, 2010 at 10:55 PM, K. Peachey <p858snake <at> yahoo.com.au> wrote:
> You would also need to be vigilant and make sure people don't
> vandalize the information, For example if a spam version change got
> entered and broke someones installed.
Any kind of auto-update mechanism should be hardcoded to retrieve only
from a specific Wikimedia URL and only over HTTPS, and the contents of