Re: [DISCUSS] Experimental installers for 11.0

reema . taneja Fri, 05 Apr 2019 03:35:02 -0700

Hi, I will not be merging this branch to master, it is pushed to myfork only for hosting the binaries temporarily.


Thanks,


Reema


On 05/04/19 3:28 PM, Tushar Joshi wrote:

I can see the binary files are committed and pushed to a code branch on
github fork of NetBeans.
In my opinion this is an anti-pattern and binary files shall not be
committed to code repository (they add to the size of the repository).
Ideally all binaries coming out of build process shall be part of the
release (separate functionality  tab) created on Github.

I believe when the installer creation code is pushed to the repository as
Geertjan mentions, then all these binary files will be available to be
added to the release section of NetBeans.

with regards
     Tushar

Tushar Joshi, Nagpur: 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tusharjoshi.com&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=LWIwiyJ66DCmVEzClLgf0JE3GY3XqfSUDBCwUe-lYRg&e=

* MCSD_NET C#, SCJP, RHCE, ZCE, PMP, CSM, SAFe, PRINCE2

* Senior Architect @ Persistent Systems 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.persistent.com&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=cZZSndo6gLHyD4OpmoZNIx_C-p-1G7L0nLh6I2xFbVE&e=
* LinkedIn: 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_in_tusharvjoshi&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=bReg2Ns0SUJybcSZSh5Ufg1nrMNqGNGDFGiYhXzO8KQ&e=



On Fri, Apr 5, 2019 at 2:38 PM Christian Lenz <christian.l...@gmx.net>
wrote:

Yes sure, I only wanted to say, that smth changed/smth is missing from
using NetBeans > 9. So there where no problems with the old oracle NetBeans
until 8.2 (Maybe they where signed correctly) and no problems with NetBeans
9. It started happening with NetBeans 10. But to end my discussion, I will
create a ticket or a new thread about that problem.


Cheers

Chris



Von: Pete Whelpton
Gesendet: Freitag, 5. April 2019 11:05
An: dev@netbeans.incubator.apache.org
Betreff: Re: [DISCUSS] Experimental installers for 11.0

No worries :)   My understanding (I'm 100% sure that this my understanding
is correct) is that digital signing weights the algorithm more in favour of
not displaying a warning, but the early adopters (first few people to
download) may still get the warning until a sufficient level of "trust" has
been built up.

All the best,

P

On Fri, Apr 5, 2019 at 10:01 AM Christian Lenz <christian.l...@gmx.net>
wrote:

So signing is missing here, if I understand it correctly. Thx for the

link

Pete.


Cheers

Chris



Von: Pete Whelpton
Gesendet: Freitag, 5. April 2019 10:29
An: dev@netbeans.incubator.apache.org
Betreff: Re: [DISCUSS] Experimental installers for 11.0

The smartscreen warning is mentioned in the Smartscreen wikipedia page,
under criticism:  
https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Microsoft-5FSmartScreen&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=o5yargrRqPHPRiMpiV4zB8vTPiFFnnkkgSsSvRXcNUA&e=

*SmartScreen Filter creates a problem for small software vendors when

they

distribute an updated version of installation or binary files over the
internet. Whenever an updated version is released, SmartScreen responds

by

stating that the file is not commonly downloaded and can therefore

install

harmful files on your system. This can be fixed by the author digitally
signing the distributed software. Reputation is then based not only on a
file's hash but on the signing certificate as well. A common distribution
method for authors to bypass SmartScreen warnings is to pack their
installation program (for example Setup.exe) into a Z
<https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Zip-5F-28file-5Fformat-29&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=VUBTL_tboI-QXfVwyop7feza-DTeoRaWFgK0suEh-a8&e=>ip-Archive
 and

distribute

it that way, though this can confuse non-expert users.  *



On Fri, Apr 5, 2019 at 9:24 AM Christian Lenz <christian.l...@gmx.net>
wrote:

Hi,

I’m fine with adding this with a comment that those installer are not
official.

One Issue here is, when I wanted to start the installer, Windows says
again this message: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__ibb.co_2Nr8Q43&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=D90WfYDjxYKC1SLLapbvOtmdbxSw7KspPsU6_UKwNjg&e=.
 This happened also for
NetBeans > 9. Until NetBeans 9, I didn’t have this Problem. So smth

changed

in the behaviour of the NetBeans executables/binaries that Windows will
show this message. I already gave this info in another thread. This

will

only happen, when I download NetBeans, fresh and new. But when I delete

the

whole folder and the whole dependent directories (userdir, cache), it

will

show the message again.

Should I create a new thread?


Cheers

Chris



Von: Geertjan Wielenga
Gesendet: Freitag, 5. April 2019 09:54
An: dev
Betreff: [DISCUSS] Experimental installers for 11.0

Hi all,

Reema has put the installers created from the installer sources in her

pull

request on Apache NetBeans GitHub in her repo:

https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_rtaneja1_incubator-2Dnetbeans_tree_installer-2Dbin-2D11vc4_nbbuild_installer_binaries&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=8jdHUgD8Ec7QXH_Mk7lTcA95dy8io2kXV6MIOv2hTzY&e=

She also has a process whereby the installers can be generated as part

of

the build.

However, since we have not checked in the sources of the installer into
Apache NetBeans GitHub and we have not included these convenience

binaries

as part of the vote threads, the installers above can not be seen as
official Apache NetBeans installers -- though that should be the aim

for

the next releases.

However, as discussed in other threads some time ago, there's nothing

wrong

with explicitly linking to the above on the page below so long as we

clear

state that these are not official Apache NetBeans installers, though

that

they should be seen as experimental installers for the next release:

https://urldefense.proofpoint.com/v2/url?u=https-3A__netbeans.apache.org_download_nb110_nb110.html&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=I_-Y15BecdUmuYLJbvbi0hFUs7JgHZnV_jPFSP8DQF0&m=oEcFqq0J0RBRe11dpitSUEtJ6BFdtGDWnMRoX-JB_mg&s=ts27Rd8MyT6fH1zGbhIWAc1Ki_k3HbUZUizUBQ4i36Y&e=

Do we agree with this? Interested in responses and if everything is
favorable and no objections, will add the info as described above to

the

page above in 24 hours.

Thanks,

Gj



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@netbeans.incubator.apache.org
For additional commands, e-mail: dev-h...@netbeans.incubator.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists

Re: [DISCUSS] Experimental installers for 11.0

Reply via email to