It's not mirrored is it? On Mon, Jul 31, 2006 at 06:10:35PM -0400, Juiceman wrote: > On 7/31/06, nextgens at freenetproject.org <nextgens at freenetproject.org> > wrote: > >Author: nextgens > >Date: 2006-07-31 10:30:14 +0000 (Mon, 31 Jul 2006) > >New Revision: 9830 > > > >Modified: > > trunk/apps/installer/installclasspath/linux/update.sh > > trunk/apps/installer/installclasspath/windows/update.cmd > >Log: > >update the updating scripts : new urls > > > >Modified: trunk/apps/installer/installclasspath/linux/update.sh > >=================================================================== > >--- trunk/apps/installer/installclasspath/linux/update.sh 2006-07-30 > >19:31:03 UTC (rev 9829) > >+++ trunk/apps/installer/installclasspath/linux/update.sh 2006-07-31 > >10:30:14 UTC (rev 9830) > >@@ -37,9 +37,9 @@ > > echo Downloading sha1test.jar utility jar which will > > download the actual update. > > if [[ $WGET -eq 1 ]] > > then > >- $DOWNLOADER $NOCERT > >https://emu.freenetproject.org/sha1test.jar > >+ $DOWNLOADER $NOCERT > >http://downloads.freenetproject.org/installer/sha1test.jar > > else > >- $DOWNLOADER > >https://emu.freenetproject.org/sha1test.jar > >+ $DOWNLOADER > >http://downloads.freenetproject.org/installer/sha1test.jar > > fi > > > > if [[ -s sha1test.jar ]] > >@@ -105,7 +105,7 @@ > > sed 's/freenet-cvs-snapshot.jar.new/freenet-cvs-snapshot.jar/g' > > wrapper.conf >wrapper2.conf > > mv wrapper2.conf wrapper.conf > > > >-$DOWNLOADER3 > >https://emu.freenetproject.org/svn/trunk/apps/installer/installclasspath/linux/update.sh > >+$DOWNLOADER3 http://downloads.freenetproject.org/alpha/update/update.sh > > touch update.sh update2.sh > > diff --brief update.sh update2.sh 2>&1 >/dev/null > > if [[ $? -ne 0 ]] > > > >Modified: trunk/apps/installer/installclasspath/windows/update.cmd > >=================================================================== > >--- trunk/apps/installer/installclasspath/windows/update.cmd 2006-07-30 > >19:31:03 UTC (rev 9829) > >+++ trunk/apps/installer/installclasspath/windows/update.cmd 2006-07-31 > >10:30:14 UTC (rev 9830) > >@@ -36,7 +36,7 @@ > > ::Download latest updater and verify it > > if exist update.new.cmd del update.new.cmd > > echo - Checking for updater updates... > >-bin\wget.exe -o NUL > >https://emu.freenetproject.org/svn/trunk/apps/installer/installclasspath/windows/update.cmd > > -O update.new.cmd > >+bin\wget.exe -o NUL > >http://downloads.freenetproject.org/alpha/update/update.cmd -O > >update.new.cmd > > if not exist update.new.cmd goto error1 > > find "FREENET W%MAGICSTRING%WS UPDATE SCRIPT" update.new.cmd > NUL > > if errorlevel 1 goto error1 > >@@ -54,7 +54,7 @@ > > ::Updater is up to date, check Freenet > > :updaterok > > ::Check for sha1test and download if needed. > >-if not exist lib\sha1test.jar bin\wget.exe -o NUL > >https://emu.freenetproject.org/sha1test.jar -O lib\sha1test.jar > >+if not exist lib\sha1test.jar bin\wget.exe -o NUL > >http://downloads.freenetproject.org/alpha/installer/sha1test.jar -O > >lib\sha1test.jar > > if not errorlevel 0 goto error3 > > echo - Updater is up to date. > > echo ----- > > > >_______________________________________________ > >cvs mailing list > >cvs at freenetproject.org > >http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs > > > > I think this makes sense from a scalablity view, but is this a good > idea to have our scripts and the sha1test.jar come from unsecure > servers? What if one of the mirrors are hacked to put an evil version > of update.cmd that redirects to a different server/with an evil > version of the node.jar? Users might never know. These are both tiny > files and imho should be left on the secure URL. > > -- > I may disagree with what you have to say, but I shall defend, to the > death, your right to say it. - Voltaire > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >
-- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060801/62d3e757/attachment.pgp>
