- Issue created by @phenaproxima
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
Given Drupal core release managers have indicated this is a hard requirement β¦ updating issue metadata accordingly.
This is AFAICT hard-blocked on #3325040: [Packaging Pipeline] Securely sign packages hosted on Drupal.org using the TUF framework and Rugged β too. Once π Add a validator to check that PHP-TUF's Composer integration is present and configured correctly Fixed lands, this will be down to
PP-1. - Assigned to phenaproxima
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
π Add a validator to check that PHP-TUF's Composer integration is present and configured correctly Fixed is in.
@phenaproxima Can we already get a patch/MR in place? π€
- πΊπΈUnited States phenaproxima Massachusetts
Not until PHP-TUF (both the library and the plugin) are published on Packagist.
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
Right, but I mean an outline of a MR that shows which code would need to change. While it's still fresh in your head.
I would not expect this MR to pass obviously!
- last update
over 1 year ago Composer require failure - @phenaproxima opened merge request.
- Issue was unassigned.
- π§πͺBelgium wim leers Ghent π§πͺπͺπΊ
Splendid! π€©
Thanks π
- Status changed to Needs work
4 months ago 9:24am 14 September 2024 - π¬π§United Kingdom catch
https://packagist.org/packages/php-tuf/ should mean this is unblocked?
- π¬π§United Kingdom catch
I think this still might only be partially implemented in package_manager - we need to figure out exactly what's left to do here.
- πΊπΈUnited States cmlara
Setting as postponed on upstream https://github.com/php-tuf/composer-integration/issues/127
As discovered in π Manually test TUF-enabled Composer projects Active in even basic lab deployments the plug-in causes an excessive increase in memory consumption.
