[Typo3-typo3org] Comments on the mirroring concept

[Robert Lemke]

Michael Stucki wrote:
> I'm thinking about a new extension which provides black- and whitelists in
> order to let admins only install extensions which are allowed.
> 
> - Each mirror would hold a list of allowed/denied extensions (including
>   version ranges)
> 
> - The server admin (with write access to localconf.php) can explicitely
>   allow/deny and overrule the above suggestions. A TYPO3 site admin should
>   finally have no ways to change that.
> 
> What do you think about this?

I think that this a good idea generally. But to make this a safe solution
you can rely on, you have to make sure that the TYPO3 site admin has no
chance to introduce any PHP code himself, which is quite hard to
accomplish.

Usually when I have to give support on a site and I don't have access to the
install too, I just insert a PHP script by adding some TypoScript which
changes the install tool password in the localconf.php ...

-- 
robert