- Issue created by @phenaproxima
- πΊπΈUnited States phenaproxima Massachusetts
Adding another backportable (we hope) issue from core that will remove any need for us to do chmod() stuff in a Composer script.
Drupal core 11.2.3 landed a few improvements to Package Manager that make it automatically use a copy of Composer packaged locally with the project (i.e., with composer/composer as a dependency). We should absolutely take advantage of these improvements, as they make Package Manager quite a bit easier to get started with.
When it comes out, require Drupal 11.2.3 or later (^11.2.3) in the project template, along with composer/composer:^2.8. Then roll a new release of drupal/cms. This can go into a patch release of Drupal CMS 1.2.x.
The cPanel-ready project template should not have the Composer dependency, because that would put Composer's executable(-ish) files into the web root, and that is a security risk. We need a further change in core before we can do that.
Postponed
General
Adding another backportable (we hope) issue from core that will remove any need for us to do chmod() stuff in a Composer script.