* Juiceman <juiceman69 at gmail.com> [2006-07-31 18:10:35]: > > I think this makes sense from a scalablity view, but is this a good > idea to have our scripts and the sha1test.jar come from unsecure > servers? What if one of the mirrors are hacked to put an evil version > of update.cmd that redirects to a different server/with an evil > version of the node.jar? Users might never know. These are both tiny > files and imho should be left on the secure URL. >
Well, that's the first step : the second one will be to use sha1test for everything ... and removing the binary "wget.exe" But yes, you're right, that's bad NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060801/e225a069/attachment.pgp>
