Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 2 years ago

#42824 closed enhancement (invalid)

Add https://github.com/WordPress/WordPress to packagist

Reported by: kkoyan's profile kkoyan Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

Following on the great initiative to have wordpress gitified and available at https://github.com/WordPress/WordPress a request to add it to packagist.
I could add it myself, but then I would not be able to initiate a hook for automatic updates. If one of the administrators of https://github.com/WordPress/WordPress does it, then they could setup packagist to automatically pick up updates from github

Change History (6)

#1 @kkoyan
8 years ago

  • Resolution set to invalid
  • Status changed from new to closed

#2 @kkoyan
8 years ago

Invalid as a composer.json file does not exist to start with, so automatic installation cannot happen.

#3 @swissspidy
8 years ago

  • Milestone Awaiting Review deleted

Hey there

Thanks for creating this ticket still! This has come up plenty of times in the past, see #23912 and #36335 for examples.

We'll probably get there one day. For now, I recommend using a package like https://packagist.org/packages/johnpbloch/wordpress if you want to use WordPress via Composer.

#4 @kkoyan
8 years ago

This is what I originally thought of using, but (no offence to the great work and intentions of Johnpbloch), it is a security issue having code that goes through the bottleneck of a single developer. Aka, if the owner of that github account had bad intentions, they could modify core code before shipping it.

Currently to overcome this risk we have our own registry that does the same thing and delivers a package of wordpress that we can use to install via composer: https://p4-composer-registry.greenpeace.org/#greenpeace/planet4-wordpress-upstream
Again, it is great for us, but for any third party it is an untrusted source.

But I am looking into stopping our own registry alltogether and just use wpackagist and packagist for everything. (in which case a package from the core would be the one I would trust to use).

This ticket was mentioned in Slack in #core-php by clorith. View the logs.


6 years ago

Note: See TracTickets for help on using tickets.