On Saturday 13 December 2008 12:21, Matthew Toseland wrote: > 3. Whether to compile and sign the current installer on emu. > > Nextgens has suggested that we should sign the installer elsewhere. The > bytecode could still be verified provided that the dev who builds it builds > it with appropriate options and declares which JVM they are using. > > PRO: Not putting all our eggs in one basket. Non-java installers can be signed > by their authors, distributed from emu, and download stuff from emu and check > emu's signatures. > > CON: Most devs' boxes, with the exception of nextgens', are less secure than > emu. Prevents shipping an auto-built offline installer. It will have to pull > binaries from emu anyway, so it doesn't actually solve anything. > > RESOLUTION: IMHO the current system works fine. Nextgens has stated his > intention not to participate in any further discussions about the installer, > so we'll ignore him.
Oops, sorry I should have removed that last comment ... on the other hand, it does happen to be true, apart from the ignoring bit: you'll find that I have sided with nextgens on several questions. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20081213/3702250c/attachment.pgp>
