Public Service Announcement because this "feature" may affect some of you.
OTRS added a new method to validate packages. To achieve this they send package name and MD5 of every package to a validation server (https://pav.otrs.com/otrs/public.pl?Act ... rification).
(hint: they don't even ask you)
If the package is not validated by the xxx you get a warning that says something like this:
Title: Package not verified by the OTRS Group! It is recommended not to use this package.
Please note that issues that are caused by working with this package are not covered by OTRS service contracts!
Leaving aside the fact that you can simply override the Package.pm, your OTRS system is not connected to the internet or dosen't have LWP::Protocol::HTTPS installed this check is ridiculous.If you continue to install this package, the following issues may occur!
-Security problems
-Stability problems
-Performance problems
OTRS offers a check to "take full advantage of the OTRS package verification." for third party vendors. I can't even tell how much this hurts the OpenSource part in me .
At the moment we have no information where to get access for the "package check program", how it works, how much do we have to pay and so on... Hey OTRS what about some more infos on your webpage. *hint*hint*
The most critical point of this behaviour remains the fact that xxx collects data of your system(s) and what you do with it without asking for permission. Existence, IP and information about the usage of your system are sent and registered.
I don't even know if this is legal? Also the security part ist obviously easy to override, so it can't be the only/real reason.
Link to GitHub:
https://github.com/OTRS/otrs/blob/rel-3 ... e.pm#L1393
https://github.com/OTRS/otrs/blob/rel-3 ... e.pm#L1388
Release notes:
...
What's New
Updated Package Manager, that will ensure that packages to be installed meet the quality standards of OTRS Group. This is to guarantee that your package wasn’t modified, which may possibly harm your system or have an influence on the stability and performance of it. All independent package contributors will have to conduct a check of their Add-Ons by OTRS Group in order to take full advantage of the OTRS package verification.
...