Am Freitag, 14. Dezember 2012, 19:32:18 schrieb Matthew Toseland: > - HTTPS ensures that the executable hasn't been tampered with. However, the > friend providing it may be malicious, computer illiterate, or running a > corrupted build they got from another friend. Trusting your friend is not > necessarily enough here IMHO. - Therefore we want to verify the signature > from FPI as well.
I don’t think that this is strictly necessary. If your friend runs a corrupted build, you have a problem anyway. Another layer of security might be nice, anyway, though: Don’t make it too easy for people to infiltrate freenet… I like the zip-idea, though, because it would allow shipping more than one installer: One for Windows, one for GNU/Linux and one for MacOSX. And we can provide the sha1 hash of the files along with IP:Port:password, so GNU/Linux users can easily check for manipulations. > One fundamental problem with QR codes is they're primarily read by phones > and tablets, which can't realistically run Freenet. It might be possible to prompt the user to send the URL via email to their home-computer. In that case, the QR-code would simply save the typing of the text from a custom business-card. Also people running freenet might not want to use their email address to send the data: don’t leave a data trail between the two people (which is too easy to follow). One more option: Only provide your FOAF connections, NOT your own IP. Best wishes, Arne -- 1w6 sie zu achten, sie alle zu finden, in Spiele zu leiten und sacht zu verbinden. → http://1w6.org
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl