#42824 closed enhancement (invalid)
Add https://github.com/WordPress/WordPress to packagist
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
Following on the great initiative to have wordpress gitified and available at https://github.com/WordPress/WordPress a request to add it to packagist.
I could add it myself, but then I would not be able to initiate a hook for automatic updates. If one of the administrators of https://github.com/WordPress/WordPress does it, then they could setup packagist to automatically pick up updates from github
Change History (6)
#3
@
8 years ago
- Milestone Awaiting Review deleted
Hey there
Thanks for creating this ticket still! This has come up plenty of times in the past, see #23912 and #36335 for examples.
We'll probably get there one day. For now, I recommend using a package like https://packagist.org/packages/johnpbloch/wordpress if you want to use WordPress via Composer.
#4
@
8 years ago
This is what I originally thought of using, but (no offence to the great work and intentions of Johnpbloch), it is a security issue having code that goes through the bottleneck of a single developer. Aka, if the owner of that github account had bad intentions, they could modify core code before shipping it.
Currently to overcome this risk we have our own registry that does the same thing and delivers a package of wordpress that we can use to install via composer: https://p4-composer-registry.greenpeace.org/#greenpeace/planet4-wordpress-upstream
Again, it is great for us, but for any third party it is an untrusted source.
But I am looking into stopping our own registry alltogether and just use wpackagist and packagist for everything. (in which case a package from the core would be the one I would trust to use).
Invalid as a composer.json file does not exist to start with, so automatic installation cannot happen.