I moved file on our website [1] and it's working. If I change it to https we have time out issue as well. When file was used from my server I also used https and it was working.
Can we just use that location [1] and we will have installer working ? [1] http://flex.apache.org/installer/apache-flex-sdk-installer-config.xml Thanks, Piotr pon., 11 cze 2018 o 09:31 Justin Mclean <jus...@classsoftware.com> napisał(a): > No I'm not suggesting that. AFAIK it's only the config text file that Prior > wants to host. > > On Mon., 11 Jun. 2018, 8:47 am Alex Harui, <aha...@adobe.com.invalid> > wrote: > > > Justin, > > > > Are you suggesting that we distribute a binary artifact from our project > > website? Do other projects do that? > > > > -Alex > > > > On 6/10/18, 10:27 PM, "Justin Mclean" <jus...@classsoftware.com> wrote: > > > > Hi, > > > > > I'm talking about that file [1]. What kind of security issues do > you > > > exactly see if I move that file on my server ? > > > > Well if someone changed the paths in those files, our users could > > unwitting be made to download walware or other stuff. Risk is probably > low > > but I have no details on the server this file is going on, for instance > it > > it a dedicated server or one that contains shared hosts for instance. > What > > other services are running on this server? How is the file > uloaded/updated > > on that server? What security is in place to stop others modifying that > > file? If it located in Poland is that going to cause performance issues > for > > people outside of Europe? What happens if the server falls overs can > > someone on the PMC restart it? Will the rest of the PMC have access to > this > > server? Might be best to answer on the private list if you don’t want > > details about your server made public. > > > > Perhaps a better solution would be to host them on the Apache Flex > > website as currently we do for [1] which the installer gets. Is it too > hard > > to have a > > > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2FXXX%2Fsdk-installer-config-4.0.xml&data=02%7C01%7Caharui%40adobe.com%7Cbe3b60c824884a383f7d08d5cf5c1704%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636642916791710330&sdata=CUrCENwFIuMoAtvJnjoNXT9o41rbsXGXojcwa5QH%2Bys%3D&reserved=0 > , > > were XXX if the flex version number as well? Given the issue is only with > > 4.16.0 and 4.16.1that’s only two files we would need to host there. That > > way access and security are handled by ASF infrastructure and we don’t > have > > to worry about them. > > > > Thanks, > > Justin > > > > 1. > > > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2Fsdk-installer-config-4.0.xml&data=02%7C01%7Caharui%40adobe.com%7Cbe3b60c824884a383f7d08d5cf5c1704%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636642916791710330&sdata=2ld9NbW8Uar2ARRbaXv14uQ1cNN2U2ZIxWjqpnJdqX0%3D&reserved=0 > > > > > > > > > -- Piotr Zarzycki Patreon: *https://www.patreon.com/piotrzarzycki <https://www.patreon.com/piotrzarzycki>*