I understand and agree with your concern about your users' protection and
experience. Honestly, we cannot promise 100% 24/7 availability, but we'll
do our best to be 99%+. As long as we will have users in Sharefest GIMP
page, it will be available. As for security - what do you mean by
verifying the file before the user downloads anything? We currently work on
verifying each block downloaded. If a block has the wrong hash (checksum),
it's discarded. Before the file is available for the user to execute, it
will be verified as well.
If I haven't mention, Sharefest is FLOSS -
https://github.com/Peer5/ShareFest and is totally free of these adware
downloaders. You can think of it as a "Web Downloader", and the installer
is untouched or repackaged. It's completely ads free - we do not want to
make money out of GIMP at all!
Other than being more efficient under load (which can be critical for new
version release), our system has two advantages that I didn't mention,:
1. Resumable downloads - even if the download is canceled or
interrupted, users will be able to resume it. Useful for places with slow
Internet in my opinion. This feature will be released this week.
2. LAN P2P - This is very useful for GIMP events or for organizations
that have multiple users that need to install GIMP. In this case, the
download speeds will no longer depend on the Internet connection because
GIMP will be transferred among the users thru the local network. The bottom
line is much faster download and less Internet bandwidth used. In my
experience, bad Internet connection is common on hackathons for example,
and downloads are VERY slow from the Internet.
It is obvious that there are many other hosts that want you to link them,
and it's impossible to do that. But because Sharefest is not an HTTP host,
it can actually work better than the mirrors on some cases. Perhaps we can
test it for a short time, and see how it goes?
On Fri, Aug 30, 2013 at 1:50 AM, Michael Schumacher <schum...@gmx.de> wrote:
> On 30.08.2013 00:05, Alexandre Prokoudine wrote:
> > Imagine a security breach on one of them, and we recommended it?
> I'll be honest: this offer has a really bad timing.
> All those "Install IQ/ Download Admin" ads, the genuine trojaned
> gimphost.* crap and the download-arrow-faking ads at SourceForge (and
> their recent 'hey., use our adware-installing installer' move) put me in
> an "everyone who is not part of a FLOSS community is trying to kill
> FLOSS" mood.
> "Secured, anonymous, instant,"...
> We obviously would not want the anonymous part for files like
> installers, but verifiable checksums and signed files. Does the protocol
> allow to check for that, preferably befire the user downloads anything?
> GPG: 96A8 B38A 728A 577D 724D 60E5 F855 53EC B36D 4CDD
> gimp-web-list mailing list
gimp-web-list mailing list