But what code knew to start looking at the website instead of dist? Didn't
something else need to change? I'm trying to understand all of the pieces.
-Alex
On 6/11/18, 12:34 PM, "Piotr Zarzycki" <piotrzarzyck...@gmail.com> wrote:
Alex,
When we are trying to read following file [1], we are getting time out in
installer. I moved that file to our website [2] and locally tested
installer. - I got positive results. It's started to work.
[1]
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.apache.org%2Fdist%2Fflex%2F4.16.1%2Fbinaries%2Fapache-flex-sdk-installer-config.xml&data=02%7C01%7Caharui%40adobe.com%7C8cf556e5bf954296e05908d5cfd26258%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643424854057105&sdata=WaA3FpmHKJuhJI5Dpvxy6gfIBXOYBNg862fzTpLSucQ%3D&reserved=0
[2]
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2Fapache-flex-sdk-installer-config.xml&data=02%7C01%7Caharui%40adobe.com%7C8cf556e5bf954296e05908d5cfd26258%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643424854057105&sdata=nRM0G2Vsc3uVg9sg3SEiF%2FnKzmO34dUJACfhl47MbEc%3D&reserved=0
Thanks,
Piotr
pon., 11 cze 2018 o 17:24 Alex Harui <aha...@adobe.com.invalid> napisał(a):
> I think I'm lost. The commit message shows that one file was added to our
> site. What file is pointing to it and how did it know to look at our
site?
>
> -Alex
>
> On 6/11/18, 12:58 AM, "Piotr Zarzycki" <piotrzarzyck...@gmail.com> wrote:
>
> I moved file on our website [1] and it's working. If I change it to
> https
> we have time out issue as well. When file was used from my server I
> also
> used https and it was working.
>
> Can we just use that location [1] and we will have installer working ?
>
> [1]
>
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2Fapache-flex-sdk-installer-config.xml&data=02%7C01%7Caharui%40adobe.com%7C4d8ae8042ed840e0cd9908d5cf712b17%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643007320096225&sdata=YmowJViVHdhqCrxcGSZLg%2BYY86G%2BsbJCAqsYkcOWEHw%3D&reserved=0
>
> Thanks,
> Piotr
>
> pon., 11 cze 2018 o 09:31 Justin Mclean <jus...@classsoftware.com>
> napisał(a):
>
> > No I'm not suggesting that. AFAIK it's only the config text file
> that Prior
> > wants to host.
> >
> > On Mon., 11 Jun. 2018, 8:47 am Alex Harui, <aha...@adobe.com.invalid
> >
> > wrote:
> >
> > > Justin,
> > >
> > > Are you suggesting that we distribute a binary artifact from our
> project
> > > website? Do other projects do that?
> > >
> > > -Alex
> > >
> > > On 6/10/18, 10:27 PM, "Justin Mclean" <jus...@classsoftware.com>
> wrote:
> > >
> > > Hi,
> > >
> > > > I'm talking about that file [1]. What kind of security
> issues do
> > you
> > > > exactly see if I move that file on my server ?
> > >
> > > Well if someone changed the paths in those files, our users
> could
> > > unwitting be made to download walware or other stuff. Risk is
> probably
> > low
> > > but I have no details on the server this file is going on, for
> instance
> > it
> > > it a dedicated server or one that contains shared hosts for
> instance.
> > What
> > > other services are running on this server? How is the file
> > uloaded/updated
> > > on that server? What security is in place to stop others modifying
> that
> > > file? If it located in Poland is that going to cause performance
> issues
> > for
> > > people outside of Europe? What happens if the server falls overs
> can
> > > someone on the PMC restart it? Will the rest of the PMC have
> access to
> > this
> > > server? Might be best to answer on the private list if you don’t
> want
> > > details about your server made public.
> > >
> > > Perhaps a better solution would be to host them on the Apache
> Flex
> > > website as currently we do for [1] which the installer gets. Is it
> too
> > hard
> > > to have a
> > >
> >
>
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2FXXX%2Fsdk-installer-config-4.0.xml&data=02%7C01%7Caharui%40adobe.com%7Cbe3b60c824884a383f7d08d5cf5c1704%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636642916791710330&sdata=CUrCENwFIuMoAtvJnjoNXT9o41rbsXGXojcwa5QH%2Bys%3D&reserved=0
> > ,
> > > were XXX if the flex version number as well? Given the issue is
> only with
> > > 4.16.0 and 4.16.1that’s only two files we would need to host
> there. That
> > > way access and security are handled by ASF infrastructure and we
> don’t
> > have
> > > to worry about them.
> > >
> > > Thanks,
> > > Justin
> > >
> > > 1.
> > >
> >
>
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fflex.apache.org%2Finstaller%2Fsdk-installer-config-4.0.xml&data=02%7C01%7Caharui%40adobe.com%7Cbe3b60c824884a383f7d08d5cf5c1704%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636642916791710330&sdata=2ld9NbW8Uar2ARRbaXv14uQ1cNN2U2ZIxWjqpnJdqX0%3D&reserved=0
> > >
> > >
> > >
> > >
> >
>
>
> --
>
> Piotr Zarzycki
>
> Patreon: *
>
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patreon.com%2Fpiotrzarzycki&data=02%7C01%7Caharui%40adobe.com%7C4d8ae8042ed840e0cd9908d5cf712b17%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643007320096225&sdata=v5vx417pobFqInf08DbisQPeFu%2FU0WyzufbVEL%2F%2B2Ho%3D&reserved=0
> <
>
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patreon.com%2Fpiotrzarzycki&data=02%7C01%7Caharui%40adobe.com%7C4d8ae8042ed840e0cd9908d5cf712b17%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643007320106230&sdata=S3Q%2FNmTpKKkr9oEtYLfIDNZvz7pYHcQyeiuVF7cPLq0%3D&reserved=0
> >*
>
>
>
--
Piotr Zarzycki
Patreon:
*https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patreon.com%2Fpiotrzarzycki&data=02%7C01%7Caharui%40adobe.com%7C8cf556e5bf954296e05908d5cfd26258%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643424854057105&sdata=6rndu7V2f8DYDeQLB0kpqtXWYJvKZDIu3l%2Ba8bS9A2A%3D&reserved=0
<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.patreon.com%2Fpiotrzarzycki&data=02%7C01%7Caharui%40adobe.com%7C8cf556e5bf954296e05908d5cfd26258%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C636643424854057105&sdata=6rndu7V2f8DYDeQLB0kpqtXWYJvKZDIu3l%2Ba8bS9A2A%3D&reserved=0>*
