On Thursday 11 December 2008 23:39, Florent Daigni?re wrote: > * Matthew Toseland <toad at amphibian.dyndns.org> [2008-12-11 16:47:23]: > > > Zero3 has been working on a simple, fast windows-specific installer using > > AutoHotKey. > > Good for him > > > AHK is GPL, runs well under Wine according to winehq, and has a > > command-line compiler. Wine can be built without the X libraries and does not > > need root privelidges. > > Good for them. > > > So this can be done under a single restricted user. > > However, if we go for the full bundle approach, we would need to trigger a > > rebuild of the windows installer after successfully deploying a new stable > > jar. > > We don't do that for the main installer; we do it only for mandatories: > why exactly should that one be handled differently?
It shouldn't. If we ship the bundle by default then we should rebuild it for every new stable build. > > > This does NOT necessarily mean running it under the user that builds the > > main jars: a simple protocol involving creating files and waiting for inotify > > will probably suffice (something similar happens already with the jars and > > the website). > > > > First, are there any unresolvable security issues? And do they specifically > > relate to bundling? > > They are and they relate to auto-building the installer, not bundling in > itself. In other words they relate to shipping a full bundle by default. Why can't we extend the existing create-a-file protocol to make this work as safely and securely as the current build process? > > > Second, is this a good idea in any case? > > > > No... More details in other emails of that thread. I don't see any more details, just grumbling. > > > Advantages: > > - Probably a smaller download. > > - Can transparently auto-download Java if needed (unless proxy settings are > > required, in which case Freenet itself probably won't work). > > - Much more control over the install process, so we can have far fewer steps > > where the user has to click "Next", especially if we go for a > > bundle-installer. > > - Since we're moving all the config into the post-install wizard, there should > > be very little maintenance required. > > > > Disadvantages: > > - Have to do some work on emu. > > - Very few of the developers run Windows, or are familiar with AHK, so if we > > DO need to change this, it will be a little problematic. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20081211/5df7f4da/attachment.pgp>
