I think I'm lost. The commit message shows that one file was added to our
site. What file is pointing to it and how did it know to look at our site?
-Alex
On 6/11/18, 12:58 AM, "Piotr Zarzycki" <piotrzarzyck...@gmail.com> wrote:
I moved file on our website [1] and it's working. If I change it to https
we have time out issue as well. When file was used from my server I also
used https and it was working.
Can we just use that location [1] and we will have installer working ?
[1]
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2Fapache-flex-sdk-installer-config.xml&data=02%7C01%7Caharui%40adobe.com%7C4d8ae8042ed840e0cd9908d5cf712b17%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643007320096225&sdata=YmowJViVHdhqCrxcGSZLg%2BYY86G%2BsbJCAqsYkcOWEHw%3D&reserved=0
Thanks,
Piotr
pon., 11 cze 2018 o 09:31 Justin Mclean <jus...@classsoftware.com>
napisał(a):
> No I'm not suggesting that. AFAIK it's only the config text file that
Prior
> wants to host.
>
> On Mon., 11 Jun. 2018, 8:47 am Alex Harui, <aha...@adobe.com.invalid>
> wrote:
>
> > Justin,
> >
> > Are you suggesting that we distribute a binary artifact from our project
> > website? Do other projects do that?
> >
> > -Alex
> >
> > On 6/10/18, 10:27 PM, "Justin Mclean" <jus...@classsoftware.com> wrote:
> >
> > Hi,
> >
> > > I'm talking about that file [1]. What kind of security issues do
> you
> > > exactly see if I move that file on my server ?
> >
> > Well if someone changed the paths in those files, our users could
> > unwitting be made to download walware or other stuff. Risk is probably
> low
> > but I have no details on the server this file is going on, for instance
> it
> > it a dedicated server or one that contains shared hosts for instance.
> What
> > other services are running on this server? How is the file
> uloaded/updated
> > on that server? What security is in place to stop others modifying that
> > file? If it located in Poland is that going to cause performance issues
> for
> > people outside of Europe? What happens if the server falls overs can
> > someone on the PMC restart it? Will the rest of the PMC have access to
> this
> > server? Might be best to answer on the private list if you don’t want
> > details about your server made public.
> >
> > Perhaps a better solution would be to host them on the Apache Flex
> > website as currently we do for [1] which the installer gets. Is it too
> hard
> > to have a
> >
>
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2FXXX%2Fsdk-installer-config-4.0.xml&data=02%7C01%7Caharui%40adobe.com%7Cbe3b60c824884a383f7d08d5cf5c1704%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636642916791710330&sdata=CUrCENwFIuMoAtvJnjoNXT9o41rbsXGXojcwa5QH%2Bys%3D&reserved=0
> ,
> > were XXX if the flex version number as well? Given the issue is only
with
> > 4.16.0 and 4.16.1that’s only two files we would need to host there. That
> > way access and security are handled by ASF infrastructure and we don’t
> have
> > to worry about them.
> >
> > Thanks,
> > Justin
> >
> > 1.
> >
>
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2Fsdk-installer-config-4.0.xml&data=02%7C01%7Caharui%40adobe.com%7Cbe3b60c824884a383f7d08d5cf5c1704%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636642916791710330&sdata=2ld9NbW8Uar2ARRbaXv14uQ1cNN2U2ZIxWjqpnJdqX0%3D&reserved=0
> >
> >
> >
> >
>
--
Piotr Zarzycki
Patreon:
*https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patreon.com%2Fpiotrzarzycki&data=02%7C01%7Caharui%40adobe.com%7C4d8ae8042ed840e0cd9908d5cf712b17%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643007320096225&sdata=v5vx417pobFqInf08DbisQPeFu%2FU0WyzufbVEL%2F%2B2Ho%3D&reserved=0
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patreon.com%2Fpiotrzarzycki&data=02%7C01%7Caharui%40adobe.com%7C4d8ae8042ed840e0cd9908d5cf712b17%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643007320106230&sdata=S3Q%2FNmTpKKkr9oEtYLfIDNZvz7pYHcQyeiuVF7cPLq0%3D&reserved=0>*
