Mikel Artetxe <[email protected]> writes: > However, I think that the https thing is important here. As said > before, the java language pair packages include bytecode for transfer, > so a code injection attack would be possible in a man-in-the-middle > schema. IIRC this was discussed in another thread. In Mitzuli I > implemented a signature verification mechanism to prevent them but, > without that, the only secure solution is to use https. But maybe it's > just that I'm too paranoid about these things and we shouldn't worry > too much about it!
Considering Apertium is one of the few FOSS translators that you can run offline (and the only you can run on your phone?), Apertium might be especially appealing to people who have reason to be paranoid. [...] > But, all I need is an svn revision. If someone tells me > apertium-x-y at revision N is the latest release, that's > sufficient. I don't even look at .tar.gz bundles or copies made in > /tags, but those are nice for other people and uses. > > > This might be off topic but I am interested on that! I have always > thought that releases were the tarballs in the sourceforge files, so > released language pairs would be those with a tarball there and also > the ones in trunk. But then there are some language pairs that are in > trunk but don't have a tarball (like apertium-hbs-mkd) and some others > that have a tarball but are not in trunk (like apertium-ht-en). Could > somebody clarify that? Hm, not sure why hbs-mkd (née sh-mk) doesn't have a tarball. Odd. ht-en is not really release quality. I guess the safest thing is to take the intersection :-) -- Kevin Brubeck Unhammer GPG: 0x766AC60C
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Apertium-stuff mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/apertium-stuff
