Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:95817 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 80444 invoked from network); 8 Sep 2016 23:19:48 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 Sep 2016 23:19:48 -0000 Authentication-Results: pb1.pair.com header.from=me@daveyshafik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@daveyshafik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain daveyshafik.com from 209.85.220.177 cause and error) X-PHP-List-Original-Sender: me@daveyshafik.com X-Host-Fingerprint: 209.85.220.177 mail-qk0-f177.google.com Received: from [209.85.220.177] ([209.85.220.177:36686] helo=mail-qk0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 46/78-61313-312F1D75 for ; Thu, 08 Sep 2016 19:19:47 -0400 Received: by mail-qk0-f177.google.com with SMTP id z190so50203257qkc.3 for ; Thu, 08 Sep 2016 16:19:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daveyshafik-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=Ogh2XGf34Z4upwfWZLiM9XDyHhb1JOBnjVvku+QCovo=; b=kgtynR1U+VOX5MVe/vPcNHopE24aKvkCyQf9kdBCHxKfLh9BIkfnVhAR7nugiXh6eY r6JSVpZwDgX9P1uGoUz78nlj7/NPw5WJ8y2wxexryUYMgRVlkThUjDDpmtus7+hxsAVK J57M7VsxojUwu9oplaq6fTbotilE7BOZ4V+nnvD+QY9NvUe9/khaR2vSGQ79ecZmrhav rsS57jGNMIIzZY7g5QdqJha7ss8eY2DyHJ1h5ax51ucIS1V6GEu0eE6jnmFQkSCeRoeW +6N0hzpw/7Lo4UsKIzuXu6XLiROo7lZD9KhSGf+wlAKVoKbuQOBUU84C6mw2hw9xn63Q wcFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=Ogh2XGf34Z4upwfWZLiM9XDyHhb1JOBnjVvku+QCovo=; b=OzIpn4o138bkFAqvB5/T4jfWoZ9GQ76TPfW3LZxvkNCG0LL4xYHW4ijufTR08Z3Ojh yCr3EgxezLR6L2CndXoYUuYZwZTZRKgDD46IKh7eETTJ+8wCHeRvE3arPB15O8Bt+DfV 3jbcPFlGy6Pg/QzhhJSRMiL7jAiIhVq1fFkwHElIV5yXTVIRMhuMkjIFUyvcPWJsk5nq W7MAicX/pHLhU4i3u8owuG8A/1fjoH+flljD8qk3PS+XmTECCa8G53XgrJON3Y+2Vfq/ LWHc8pAYpcHFOW9sE5xmfj9YJQcoTcEdvdDAA5P57VtICx8+XjZ8hxw/8XXycNel89Q/ pidw== X-Gm-Message-State: AE9vXwMhzXYTeUhdJ2ypC8e8fE4pYjf5CwLHnh/JQe+lYBYB3AekSZ9jvV5IG3HtByAIRMLr7Lghdnem5Rxnyy/z X-Received: by 10.55.215.207 with SMTP id t76mr605999qkt.152.1473376784800; Thu, 08 Sep 2016 16:19:44 -0700 (PDT) MIME-Version: 1.0 Sender: me@daveyshafik.com Received: by 10.237.50.161 with HTTP; Thu, 8 Sep 2016 16:19:44 -0700 (PDT) In-Reply-To: <9bc67943-4b45-ba8c-6edd-f6560fd233d5@lsces.co.uk> References: <04998da0-6344-0b8b-c69a-411400e340ba@lsces.co.uk> <1473323097.1378681.719308017.2139F909@webmail.messagingengine.com> <8493a9dd-1f0e-f15f-3651-0278cf25234b@lsces.co.uk> <3ec68c67-a4de-1727-c3c8-e8fcacd95f0c@lsces.co.uk> <9bc67943-4b45-ba8c-6edd-f6560fd233d5@lsces.co.uk> Date: Thu, 8 Sep 2016 16:19:44 -0700 X-Google-Sender-Auth: eJp6TIKaRKWRkcFbbwwCcJgTCg8 Message-ID: To: Lester Caine Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a1149b404e0ff86053c074319 Subject: Re: [PHP-DEV] [RFC] Deprecate PEAR/PECL & Replace withcomposer/pickle From: davey@php.net (Davey Shafik) --001a1149b404e0ff86053c074319 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, Sep 8, 2016 at 3:18 PM, Lester Caine wrote: > On 08/09/16 18:40, Larry Garfield wrote: > > Note: Whether that is a good trend or bad trend I will not claim, and > > that is largely irrelevant. But that is where the river is running, an= d > > trying to swim upstream against it is not going to be very effective. > > Trying to swim against the tide of M$ 'improvements' has been something > I've been doing since 1992. Silly little things like when you remote > access a local server which in addition to serving web pages is also > displaying the information on monitors, and creating announcements via > the PA system. Does the M$ remote desktop offering still switch off the > local sound card 'to improve the remote performance'? I still use VNC > simply to ensure the locals site is NOT brought down. And the local > technicians have to log in via their own accounts so unless care is > taken, NONE of the shares or tools they need are available because of > the move to secure activity between accounts. ALL of the work being cone > by these machines is central, and every user needs to see the same set > of tools, and file system. They do not need to live in their own little > world secure from other technicians and they ALL need to see the same > desktop. > > Of cause where sites are not being heavily audited for security we can > stick up two fingers and the only active user is root - totally > politically incorrect - but it prevents the bulk of the problems caused > when some 'developer' screws up something global after a Linux update. There is a fundamental difference of approach here. In the modern approach, the ideal is easy replication of _exact_ environment somewhere else. Whether that be your laptop and desktop machines, your machine, and your team members, or your machine and a cloud providers ephemeral instance. Or, in this case: between users on the _same_ machine. The point of the composer.lock file is that a "composer install" command will installs the _exact_ same versions everywhere. Even if it's coming from VCS, it'll record and install the same commit everywhere. It even records the shasum of the versioned package, so that if the server replaces it then you'll know. The primary issue in your case is that you're duplicating the files for each user. There is nothing stopping you putting the code in a single place and doing a composer install then making sure all the users can access it, whether through symlinks, or just simple permissions (and possibly PATH changes). In your case, I think the reason you are centralizing is because you want to ensure nobody touches the file =E2=80=94 this is more about security and= lack of trust, than anything else. Typically, there is more security in this approach, as nothing is owned or run as root. Anyway, this is far off topic IMO. This RFC isn't going to kill PEAR (any deader than it already is :P) it will simply unbundle it from core. If you want to continue using it, then by all means do so. And ignore the potential fact that composer/pickle may be bundled instead. - Davey --001a1149b404e0ff86053c074319--