Hi! On Thu, Oct 16, 2008 at 16:34:16 -0400, David Roundy wrote: > No, I'm not really very comfortable with putting the buildbot-built > binaries on darcs.net from a security perspective. It's true that we > don't have very strong security safeguards, but I would still rather > not put untrusted binaries on darcs.net itself. Although I trust > Zooko, I don't trust the owners of all buildbots to keep their > machines locked down, and I'd rather not try to distinguish between > the trusted and untrusted buildbots.
Makes sense to me. > Why not just stick them on the wiki? Yes, that exposes downloaders to > the same sorts of attacks and a few more, but anyone downloading a > binary off a wiki really ought to know the risk they're taking, while > someone downloading from http://darcs.net/binaries has good reason to > believe that we trust those files. The issue at hand is that we need a place for the buildbot to upload the binaries. Do you think something like http://contrib.darcs.net (or a more strongly named URL) could send the buyer beware message clearly enough? Otherwise, I guess we could get one of our enthusiastic volunteers to offer a place... -- Eric Kow <http://www.nltg.brighton.ac.uk/home/Eric.Kow> PGP Key ID: 08AC04F9
pgpzVepeyRxT8.pgp
Description: PGP signature
_______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
