If you want to make sure the webinstaller hasn't been messed with, just sign it with something like gpg.

Explorer has caused a general protection fault in module kernel32.dll.
I'm sick of Winblows!

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 15, 2002 9:30 AM
Subject: [freenet-support] Re: [freenet-dev] Getting rid of the last central point of failure

> >For a while now, we have been working on the distribution servlet, which
> >is basically designed to allow people to give copies of Freenet, together
> >with seednodes, to their friends
>
> erm - why? doesn't there exist some webinstallers? just bundle a webinstaller (or even a webinstaller-installer) with your seednodes and mail them away to the new user.
> hu will then receive this mail with some installing instructions/installer files and can build up hus (sounds stupid :p) node.
> the needed jar files can be d/led from /snapshots/, or, if you think this may be potentially tainted somehow, d/led by a minimal-fred provided by the installer from the freenet under a CHK or SSK-site, which will contain all releases of fred, inserted by the developers.
> either way you will have a weak spot: the program that installs fred. either it will report you to someone or download a modified fred and install that one on your system. or you cannot guarantee that your /snapshot/ files are valid, if you point the new user to the url to let him download the files all by himself.
> one possible way is to mirror the released snapshots and version within freenet, so no one can touch them, but to be able to reach them, you already have to be able to access freenet, this speaks for a mini-fred, which will download the files for you. but the miniinstaller can be tainted, too, leaving you with a loop of possible weak points.
>
> i personally have no clue how you can make *sure* a user gets untainted files if the user does not have already freenet access.
>
> maybe it would be wise to start a new site within freenet, which will mirror the developers' cvs tree and snapshots *done by a trusted person (=devl)*, so one can be sure, the /snapshots/ files are not the only location to get one of the newer builds (it is possible to modify streams from a webserver, so you can be sure, it is possible to modify the response to your "get some file from snapshots" in that way, that you will receive a modified fred which can harm your anonymity)
>
> so at least you can make *sure* the user will stay "clean" if you start inserting the snapshots within freenet and use a SSK'ed site to gather them, too
>
> ---~~---
>
> geeh - i think i have to read my mails more often so i've got to add something to General Discussion, nearly all of my topics have been addressed so far by others ;)
>
> _______________________________________________
> support mailing list
> [EMAIL PROTECTED]
> http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
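
The gpg suggestion in the reply at the top of this message, as an added example that is not part of the original thread: a plain `gpg --verify` succeeds for a good signature from any key in the keyring, so this script also pins the signer's fingerprint. `PINNED_FPR`, the function names and the file arguments are assumptions, and the fingerprint shown is a constructed placeholder for one obtained out of band.

```shell
#!/bin/sh
# Added example, not code from the Freenet project.
# PINNED_FPR is a constructed placeholder; in practice it is the developers'
# primary-key fingerprint, received by a channel other than the download site.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# status_is_trusted STATUS WANT_FPR
# STATUS is the text gpg writes with --status-fd. Succeeds only when it holds
# a VALIDSIG line for the pinned key and no line reporting a bad, unverifiable,
# expired or revoked signature.
status_is_trusted() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint when gpg emits it;
            # otherwise fall back to the signing-key fingerprint in field 3.
            fpr = (NF >= 12) ? $12 : $3
            if (fpr == want) good = 1; else bad = 1
        }
        END { exit !(good && !bad) }'
}

# verify_installer FILE SIG
# Checks the detached signature SIG over FILE, then applies the pin.
verify_installer() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    status_is_trusted "$status" "$PINNED_FPR"
}

# Typical use (file names are hypothetical):
#   verify_installer freenet-webinstall.exe freenet-webinstall.exe.sig \
#       && echo "signature is from the pinned key"
```

The pin only moves the trust question to how the fingerprint reached the new user, which is the bootstrap problem the quoted message describes.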