On 8/1/06, Florent Daigni?re (NextGen$) <nextgens at freenetproject.org> wrote: > * Juiceman <juiceman69 at gmail.com> [2006-08-01 18:21:20]: > > > On 8/1/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > > >On Tue, Aug 01, 2006 at 08:11:31PM +0200, Florent Daigni?re (NextGen$) > > >wrote: > > >> * Matthew Toseland <toad at amphibian.dyndns.org> [2006-08-01 19:06:42]: > > >> > > >> > It's not mirrored is it? > > >> > > >> Now it is. > > > > > >Ummm, that's bad. sha1test.jar should NOT be mirrored. > > > > Neither should be mirrored, If someone compromises the update script > > they can bypass sha1test.jar altogether. Or were you speaking of > > something else? > > > > Ok, I think I've fixed the problem : > > try getting > http://downloads.freenetproject.org/alpha/installer/sha1test.jar, it > sends you to http://get.freenetproject.org/sha1test.jar wich isn't > mirrored... > That URL works here. I'm guessing the https part isn't important as long as we're not mirroring? Good enough?
> .cmd and .sh, as well as .sha1 files aren't using mirrors anyway > > I'm wondering what to do regarding the installer's files (.exe and one > .jar) Those are picked up from mirrors and aren't signed. > > NextGen$ > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQFEz9iVU/Z/dHFfxtcRAhISAKCc93+mHOXi/h21AiT4dLq8rWzq6QCeMNDm > LVJZhbS+hB0H67LMEs5+fZw= > =Fiqt > -----END PGP SIGNATURE----- > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > -- I may disagree with what you have to say, but I shall defend, to the death, your right to say it. - Voltaire
