Justin,

Are you suggesting that we distribute a binary artifact from our project 
website?  Do other projects do that?

-Alex

On 6/10/18, 10:27 PM, "Justin Mclean" <jus...@classsoftware.com> wrote:

    Hi,
    
    > I'm talking about that file [1]. What kind of security issues do you
    > exactly see if I move that file on my server ?
    
    Well if someone changed the paths in those files, our users could
    unwittingly be made to download malware or other stuff. Risk is probably
    low but I have no details on the server this file is going on, for
    instance is it a dedicated server or one that contains shared hosts for
    instance. What other services are running on this server? How is the file
    uploaded/updated on that server? What security is in place to stop others
    modifying that file? If it is located in Poland is that going to cause
    performance issues for people outside of Europe? What happens if the
    server falls over, can someone on the PMC restart it? Will the rest of the
    PMC have access to this server? Might be best to answer on the private
    list if you don’t want details about your server made public.
    
    Perhaps a better solution would be to host them on the Apache Flex website
    as currently we do for [1] which the installer gets. Is it too hard to
    have a http://flex.apache.org/installer/XXX/sdk-installer-config-4.0.xml,
    where XXX is the flex version number as well? Given the issue is only with
    4.16.0 and 4.16.1 that’s only two files we would need to host there. That
    way access and security are handled by ASF infrastructure and we don’t
    have to worry about them.
    
    Thanks,
    Justin
    
    1. http://flex.apache.org/installer/sdk-installer-config-4.0.xml
    
    
