[darcs-users] Windows binaries for 2.1.0

Eric Kow kowey at darcs.net
Thu Oct 16 21:12:25 UTC 2008


On Thu, Oct 16, 2008 at 16:34:16 -0400, David Roundy wrote:
> No, I'm not really very comfortable with putting the buildbot-built
> binaries on darcs.net from a security perspective.  It's true that we
> don't have very strong security safeguards, but I would still rather
> not put untrusted binaries on darcs.net itself.  Although I trust
> Zooko, I don't trust the owners of all buildbots to keep their
> machines locked down, and I'd rather not try to distinguish between
> the trusted and untrusted buildbots.

Makes sense to me.
> Why not just stick them on the wiki? Yes, that exposes downloaders to
> the same sorts of attacks and a few more, but anyone downloading a
> binary off a wiki really ought to know the risk they're taking, while
> someone downloading from http://darcs.net/binaries has good reason to
> believe that we trust those files.

The issue at hand is that we need a place for the buildbot to upload the
binaries.  Do you think something like http://contrib.darcs.net (or a
more strongly named URL) could send the buyer beware message clearly
enough?  Otherwise, I guess we could get one of our enthusiastic
volunteers to offer a place...

Eric Kow <http://www.nltg.brighton.ac.uk/home/Eric.Kow>
PGP Key ID: 08AC04F9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20081016/11f8685c/attachment.pgp 

More information about the darcs-users mailing list