sneakyimp |
09-30-2015 01:27 PM |
Quote:
Originally Posted by ceyx
(Post 5427624)
could you not try installing from git ?
|
As I originally posted, the installation instructions for php-opencloud on github say one MUST user composer:
Quote:
You must install this library through Composer
|
To install without composer is probably not especially difficult, but the composer.json file says there are a number of dependencies. I'm not sure if I can get away with just require or whether I need require-dev. I'm also not sure what the simple path names mean in there. For instance, what does guzzle/guzzle refer to? Are these github partial paths? Can anyone help me decipher this composer.json file?
Code:
{
"name": "rackspace/php-opencloud",
"description": "PHP SDK for Rackspace/OpenStack APIs",
"keywords": ["rackspace", "openstack", "opencloud", "swift", "nova"],
"type": "library",
"license": "Apache-2.0",
"authors": [
{
"name": "Jamie Hannaford",
"email": "jamie.hannaford@rackspace.com",
"homepage" : "https://github.com/jamiehannaford"
}
],
"autoload": {
"psr-0": {
"OpenCloud": ["lib/", "tests/"]
}
},
"require": {
"php" : ">=5.4",
"guzzle/guzzle" : "~3.8",
"psr/log": "~1.0",
"mikemccabe/json-patch-php": "~0.1"
},
"require-dev" : {
"phpunit/phpunit": "4.3.*",
"phpspec/prophecy": "~1.4",
"satooshi/php-coveralls": "0.6.*@dev",
"jakub-onderka/php-parallel-lint": "0.*",
"fabpot/php-cs-fixer": "1.0.*@dev",
"apigen/apigen": "~4.0"
}
}
Quote:
Originally Posted by ceyx
(Post 5427624)
I didn't like the idea of composer either, but have come to like it well enough.
|
It's easy to understand the allure. Getting dependencies in place is a chore. This makes it easier. HOWEVER, it seems abundantly clear that devs are all too willing to trust other convenient packages without making any attempt to check that those other packages are in fact trustworthy. For something like access to my rackspace cloud account, that is unacceptable. PHP-opencloud has my account credentials. Security is important.
Quote:
Originally Posted by ceyx
(Post 5427624)
Install it to a VM, and toast it if you don't like what you see :)
|
This is more or less what I was getting at, but I still need the right commands to monitor exactly which files are changed. How do I know, for instance, that /etc/passwd hasn't been accessed or changed?
|