[pkg-php-pear] Bug#979986: Please, drop composer dependency
David Prévot
taffit at debian.org
Tue Jan 12 16:05:37 GMT 2021
Source: civicrm
Severity: normal
X-Debbugs-Cc: pkg-php-pear at lists.alioth.debian.org
Hi Dmitry,
civicrm-common depends on composer, it seems like it is used as a
dynamic autoloader:
https://salsa.debian.org/debian/civicrm/-/blob/master/debian/autoload-vendor.php.tpl#L11
Please, do drop the dependency on composer and use proper static
autoloader(s) instead. There is work in progress to make that task
mostly automatic in the future, but relying on composer to make every
PHP library installed on the system available to civicrm seems like a
very bad idea (maybe even a security issue).
https://salsa.debian.org/php-team/pear/pkg-php-tools/-/merge_requests/6
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20210112/753fd994/attachment.sig>
More information about the pkg-php-pear
mailing list