* Juiceman <juiceman69 at gmail.com> [2006-08-01 18:50:35]: > On 8/1/06, Florent Daigni?re (NextGen$) <nextgens at freenetproject.org> > wrote: > >* Juiceman <juiceman69 at gmail.com> [2006-08-01 18:21:20]: > > > >> On 8/1/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > >> >On Tue, Aug 01, 2006 at 08:11:31PM +0200, Florent Daigni?re (NextGen$) > >> >wrote: > >> >> * Matthew Toseland <toad at amphibian.dyndns.org> [2006-08-01 19:06:42]: > >> >> > >> >> > It's not mirrored is it? > >> >> > >> >> Now it is. > >> > > >> >Ummm, that's bad. sha1test.jar should NOT be mirrored. > >> > >> Neither should be mirrored, If someone compromises the update script > >> they can bypass sha1test.jar altogether. Or were you speaking of > >> something else? > >> > > > >Ok, I think I've fixed the problem : > > > >try getting > >http://downloads.freenetproject.org/alpha/installer/sha1test.jar, it > >sends you to http://get.freenetproject.org/sha1test.jar wich isn't > >mirrored... > > > That URL works here. I'm guessing the https part isn't important as > long as we're not mirroring? Good enough? >
We don't have any SSL certificate signed by a trusted third party ... so using SSL is kinda pointless anyway (for normal users) NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060802/a301d0c7/attachment.pgp>
