You could just not use composer in that case. MediaWiki core doesn't really require it (You can use the tarball vendor or mediawiki/vendor.git repo instead). There's maybe a couple of extensions that strongly encourage its use, but they are in the minority.
Ultimately composer is a package manager, running arbitrary code (whether directly or indirectly) is kind of the point. On Fri, Jun 30, 2023 at 12:13 PM Jeffrey Walton <[email protected]> wrote: > On Fri, Jun 30, 2023 at 3:04 PM Brian Wolff <[email protected]> wrote: > > > > You could install composer from its official website instead of using > the system package manager. It can be downloaded as a single .phar file. > > Thanks Brian. > > We don't want to switch hosting providers or download third party > stuff. In the case of Composer, we don't have the expertise to > evaluate it. Hence we rely on the distro. > > (I personally don't trust Composer because it is willing to run > arbitrary code. It's very sloppy in its security practices). > > Jeff > > > On Fri, Jun 30, 2023 at 11:42 AM Jeffrey Walton <[email protected]> > wrote: > >> > >> On Fri, Jun 30, 2023 at 12:47 PM Sam Reed <[email protected]> wrote: > >> > > >> > As per the MediaWiki version lifecycle[1], I would like to announce > the formal end of life (EOL) of MediaWiki 1.38 as of today, Friday June 30, > 2023. > >> > > >> > 1.38.7 is expected to be the last release for this branch. > >> > > >> > This means that MediaWiki 1.38 will no longer receive maintenance or > security backports. It is therefore strongly discouraged that you continue > to use it. > >> > > >> > It is recommended to upgrade either to MediaWiki 1.39 (LTS), which > will be supported until November 2025 or to 1.40 (released today), which > will be supported until June 2024. > >> > >> Is there a path available to folks who use MW 1.38 and have hosting > >> providers that only offer Ubuntu 20.04 with Composer 1? My testing > >> revealed we could not update to MW 1.39 because of the Composer 2 > >> requirement. > >> > >> I think our options are... we need to wait until our hosting provider > >> offers Ubuntu 22.04, or MediaWiki drops the Composer 2 requirement for > >> MW 1.39. > >> > >> It is an uncomfortable position to be in. > >> > >> Jeff > >> _______________________________________________ > >> MediaWiki-l mailing list -- [email protected] > >> To unsubscribe send an email to [email protected] > >> > https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/ >
_______________________________________________ MediaWiki-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/
