[pkg-php-pear] Bug#979986: Please, drop composer dependency

David Prévot taffit at debian.org
Tue Jan 12 16:05:37 GMT 2021


Source: civicrm
Severity: normal
X-Debbugs-Cc: pkg-php-pear at lists.alioth.debian.org

Hi Dmitry,

civicrm-common depends on composer, it seems like it is used as a
dynamic autoloader:

https://salsa.debian.org/debian/civicrm/-/blob/master/debian/autoload-vendor.php.tpl#L11

Please, do drop the dependency on composer and use proper static
autoloader(s) instead. There is work in progress to make that task
mostly automatic in the future, but relying on composer to make every
PHP library installed on the system available to civicrm seems like a
very bad idea (maybe even a security issue).

https://salsa.debian.org/php-team/pear/pkg-php-tools/-/merge_requests/6

Regards

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20210112/753fd994/attachment.sig>


More information about the pkg-php-pear mailing list