Comments (17)
Composer and Packagist are interlinked in one sense, so I was trying not to be a jerk by abusing their resources any more than necessary. Maybe if included as an option for those who need/prefer it?
from phar-updater.
@borNfreee The naming is probably not brilliant here, but the strategy is more accurately Packagist w/ Github Releases as a download source. I should describe it better in the README.
The intent is fairly simple. You have an issue in a package release, so you yank it on Packagist, but forget to delete the Github Release (or intentially keep it as a reference). The self-update will currently work just as Composer will since we interrogate Packagist. If we instead took Github as the primary authority for package releases, we would miss this and potentially update to problematic releases.
from phar-updater.
Does it matter that much? We'll be putting less load on Packagist website and I don't think it matters that much for users to be able to update to new releases within 1st hour of it's creation.
from phar-updater.
to me that actually makes a difference - when i tag a release, usually i want to use the stuff in a timely manner, and not wait an hour
from phar-updater.
Different people, different use cases.
Considering there is only 1 maintainer on a project (the issue wasn't reviewed in 1 year) and that maintainer isn't looking at GitHub much lately I'm not sure what can be done here.
You can use regular approach:
- fork a repo
- create branch with needed changes
- use that repo/branch in your
composer.json
from phar-updater.
thats a dirty solution, the right approach would be to make a PR so @padraic can merge it in.
from phar-updater.
Of course, but issue wasn't touched in a year. What you think are the odds of that PR being merged.
I like FOSS, but when lead project maintainer have no time to maintain it and haven't appointed a replacement maintainer then project is as good as dead and people would start to make changes in forks to at least get it going for them.
from phar-updater.
The #9 for example is a show stopper for all PHP < 5.6 users. And that issue wasn't addressed as well.
from phar-updater.
to be fair, while i did still report #9 , it already was closing in on php 5.5's end-of-support date, and is now almost end-of-life, so < 5.6 shouldn't be used anymore anyways, so thats not THAT big of a deal.
from phar-updater.
I'm also not comfortable with a current implementation with 1h delay as @ppetermann, so at least an option would be very useful to choose between two URL.
But going further, why not just use Github API? Why packagist is envolved in the github strategy?
I mean, this github's API can be used instead: https://api.github.com/repos/humbug/humbug/releases
from phar-updater.
I agree that packagist is the right source for this. I just think the api would be more useful
from phar-updater.
Looks like Packagist.com increased max-age. s-maxage is currently set to 12 hours.
curl -I https://packagist.org/packages/webflo/drush-shim.json
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: public, s-maxage=43200
Strict-Transport-Security: max-age=31104000
X-Frame-Options: DENY
Access-Control-Allow-Origin: *
Date: Tue, 25 Jul 2017 15:39:12 GMT
from phar-updater.
Created a PR to use the other URL. #51
from phar-updater.
I've approved @webflo's PR. We have a stack of other PRs and such for next major/minor release, so I'll let @theofidry chip in on whether this should be taken to the 1.0
branch for a patch release given the 12 hour switch.
from phar-updater.
I can have a look at it this weekend, can't do before
from phar-updater.
@theofidry np :)
from phar-updater.
@padraic @theofidry Thanks, for the response. I fix the test later today.
from phar-updater.
Related Issues (20)
- Manifest file -based strategy HOT 1
- Obey HTTP_PROXY environment variables HOT 1
- Checking hasUpdate() should not require is_writable for phar file. HOT 6
- SHA-1 is no longer secure HOT 1
- HHVM errors with PharException HOT 2
- Composer split VersionParser into Semver
- Calls to getNewVersion() can double Packagist requests
- Update README for SHA256 strategy
- Document or resolve git metadata when attached to versions HOT 1
- Remove humbug_get_contents HOT 1
- Check rollback unnecessary message
- PHAR signatures: Implement method to migrate private keys used for signing releases?
- humbug_get_contents() is deprecated HOT 3
- Check post-update that temp pubkey is deleted
- Unsigned PHAR testing
- Simplify usage
- Security check fail with "padraic/humbug_get_contents" old version 1.0.4 HOT 6
- always wondered - why is privkey.pem included in repo? HOT 2
- Current project status HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phar-updater.