(almost?) every phpbb source file contain this line:DavidIQ wrote:I'm pretty familiar with the license but have no idea what relevancy you think the license has with "at your own risk".
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
which in itself contains:
i painted a small portion of it to help you understand the relevancy of the license to "at your own risk".GPL wrote:NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
this is not precise.DavidIQ wrote:They don't hint at internet attacks but they certainly give you ample warnings of security/stability problems before letting you install something not from their site which was what I was referring to:
they do not prevent you from installing stuff *not from their site*.
they prevent you from installing stuff from site *you yourself did not declare as safe*.
this is exactly what i suggest phpbb should do: allow users to declare as safe sources for installation.
as to signing:
i am absolutely in favor of supporting signing of packages (though i myself have little to no knowledge how to do it).
you might have noticed that the signing of firefox extension *is not done by mozilla* but by the extension author.
this signature's validity is 100% unrelated to the question whether you downloaded the extension from mozilla or from somewhere else.
if you figure out how to support signing, i strongly suggest that phpbb will issue a stern warning before installing an unsigned plugin, regardless of whether this plugin was downloaded from phpbb.com or elsewhere.
not only this is not "punishing", but this is *exactly* my initial proposition that you are so fiercely arguing against.DavidIQ wrote:If we follow FF's example, we'd allow the searching of MODs and styles from phpbb.com and perform automatic download and installation all from an interface in the admin panel and still allow for installation of non-phpbb.com items by providing a spot for the user to maybe paste a link to the external MOD or Style instead. I don't see how that's "punishing" anyone.
i suggested to allow the user to define additional plugin sources, and once those are defined (*by the user*), treat them the same as the central repository of plugins.
so, if i understand the last quote correctly, there is absolutely no argument between us...
peace.