* Juiceman <[EMAIL PROTECTED]> [2006-07-31 18:10:35]: > > I think this makes sense from a scalablity view, but is this a good > idea to have our scripts and the sha1test.jar come from unsecure > servers? What if one of the mirrors are hacked to put an evil version > of update.cmd that redirects to a different server/with an evil > version of the node.jar? Users might never know. These are both tiny > files and imho should be left on the secure URL. >
Well, that's the first step : the second one will be to use sha1test for everything ... and removing the binary "wget.exe" But yes, you're right, that's bad NextGen$
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
