Matthew Toseland skrev: > Issues for the installer. Both Zero3 and nextgens seem to have decided to > sulk, so I'll arbitrarily decide these issues where there is deadlock and if > anyone objects he can reply to this thread with a reasoned argument. > >
I'm not sulking as in "to express ill humor or offense by remaining sullenly silent or withdrawn.", if that's what you mean. But I don't reply to mails 24/7, so I'm sorry if that is misunderstood as sulking. Not my intention. > 2. Whether it should run from the startup group, by the logged-in user, > rather > than as a system service running in its own user. > > RESOLUTION: We should continue to run Freenet as a system service. > > WHY: Freenet keeps all its config files in one place. Running it as one user > and then another user would result in it breaking due to permissions > problems. The only ways to avoid this are 1) running it as a separate user, > or 2) having per-user configuration, including the node, the Friends list and > so on. IMHO 2) is utterly unacceptable, because we end up with one node per > user, and updating would be tricky if not impossible. > Huh? Did you read my last couple of replies to nextgens? There is no permission breaking of any kind going on here, as I tried to explain in the other thread. I have yet to see any kind of proof to that claim of nextgen's, or a least a proper explanation of these "permission problems" I haven't been able to reproduce at all. The argument doesn't even make sense, as you are giving permissions to the installed node files to the Freenet user atm. If there was permission problem, as claimed, then users wouldn't be able to access the node files from their regular user... > 4. Whether we should ship the "offline" installer by default. > > PRO: Less chance of a user in a hostile regime either being denied service or > giving themselves away. Less impact if emu is DoS'ed. Simpler installer. > > CON: Less statistics, problems with outdated versions, installer must be > built > and signed on emu, must sign the installer automatically on emu, Microsoft > and many other ship "online" installers, actual download is larger and > therefore more likely to be cancelled. > Huh x2? 1) "Less statistics": As I mentioned several times already, if you want statistics (even though I disagree about doing it in this way), I can simply make the installer fetch ..../counter.php (or something like that) on the website. If the website is down for any reason, the only cost would be the statistics, as the installer can just continue anyway (as it already has the files it needs to do the actual install). 2) "Problems with outdated versions": That's a fair argument. But even very old nodes are able to UOM. I have also offered solutions to help that problem, the most appealing probably being to warn and offer to download a new installer if installer is very old at execution time. 2) "Installer must be built and signed on emu": Unless I'm misunderstanding you, you just argued earlier that it wouldn't make any real difference as we are signing .jars there already. I don't know if Java signs .exe files, but Microsoft has official tools to do so as well: http://msdn.microsoft.com/en-us/library/aa380259(VS.85).aspx 3) "Microsoft and many other ship "online" installers": How is that a "consequence" to us? 4) "Actual download is larger and therefore more likely to be cancelled": It's an ~8 MB download! Less than a minute on a standard 2Mbit connection. Roughly the same size as FireFox (7.1 MB). If users cancels the download because of having to wait a single minute, I'm quite sure the user won't be pleased with the loading times within Freenet *at all*! > - Can't be signed on emu unless somebody comes up with an open source exe > signing tool ... does Wine provide one? In any case a real code signing cert > is expensive, gpg-signing the exe is probably the easiest way to establish a > real trust path. > See my link above. Surely SDK binaries from Microsoft can be trusted, since we trust Windows itself in the first place? If we really *needs* to do the "built-in" .exe signing. > I believe the above decisions are practically implementible and should annoy > nextgens and Zero3 to equal degrees. > I hope that's just meant as a joke... :-/ - Zero3
