Closed safecat closed 1 week ago
Sure let’s consider adding one place of configuration.
Here are my suggests:
https://deployer.org/check-updates/7.4.0
Add auto_check_update
config, false
by default, ask in dep init
and default answer is yes
https://deployer.org/api/stats
Add allow_anonymous_stats
config, false
by default, ask in dep init
and default answer is yes
. Environment variable DO_NOT_TRACK=true
is also accepted (with lower priority than config) to be compatible with old version user.
https://deployer.medv.io/banners/ Looks like deprecated, maybe remove directly?
This issue has been automatically closed. Please, open a discussion for bug reports and feature requests.
Read more: [https://github.com/deployphp/deployer/discussions/3888]
I recently started using Deployer 7.4 as a replacement for Fabric as my deployment tool, but I've noticed a delay of 1-5 seconds when executing tasks. After some investigation, I found that Deployer is making requests to three URLs during task execution:
Since I am in China, where access to foreign URLs is slower, these requests are causing the delay. The last two requests can be disabled through different environment variables (
DEPLOYER_BANNER
,DO_NOT_TRACK
), but the check for updates cannot be disabled.Based on issues #1196, #1477, and #3577, I suggest that you carefully consider the privacy implications of these three requests. Since the
allow_anonymous_stats
setting has been removed, users are not informed that Deployer will make these three requests by default, even after running thedep init
command. I suggest that in future updates, Deployer should avoid making these requests by default and instead add configuration options such asallow_anonymous_stats
,allow_banner
, andallow_check_update
. Additionally,dep init
could include prompts (with default answers being "yes"), and only after receiving explicit consent or finding an explicit declaration in the deployer.php script should these requests be sent.I appreciate your hard work, and I understand how these features contribute to the project's growth. However, as Deployer is now a well-known PHP open-source project, making external requests without consent could lead to significant privacy and security concerns. If you agree, I would be happy to submit a PR.
(Translated from Chinese by ChatGPT)
--
Chinese version:
我最近开始使用deployer 7.4替代fabric作为我的部署工具,但执行task时经常有1-5秒的卡顿,经过排查,我发现deployer在执行task时会请求三个地址:
我在中国,访问国外URL较慢,所以这三个请求造成了卡顿。后两个请求可以通过不同的环境变量(
DEPLOYER_BANNER
、DO_NOT_TRACK
)禁用,而检查更新的链接无法禁用。根据 #1196 #1477 #3577,我建议您慎重考虑这3个请求带来的隐私问题,由于
allow_anonymous_stats
设置已经被取消,即使通过dep init
命令也无法得知deployer会默认执行3个请求。我建议deployer在日后的更新中默认不做这3个请求,增加配置项allow_anonymous_stats
/allow_banner
/allow_check_update
,在dep init
中增加询问(默认答案可以是yes),仅在询问后得到肯定或deployer.php脚本中存在显式声明时才发送这些请求。感谢您的辛勤工作,我理解这些feature对项目成长的帮助。但deployer现在已经是一个著名的PHP开源项目,未经同意就请求外部链接可能造成严重的隐私和安全问题。如果您同意,我可以提交一个PR。
Upvote & Fund