----- Original Message ----- From: "Mark J Roberts" <m...@znex.org> To: <devl at freenetproject.org> Sent: Tuesday, August 20, 2002 5:55 PM Subject: Re: [freenet-dev] Things to do
> Fred should upgrade itself when we bump the minimum version. While this would seem to be a really good idea, I worry about the potential of a hack into the updates website that could install a "backdoored" version, and most of the nodes would upgrade to this evil version before anyone realized. Maybe after the jar's can be updated from a secure SSK... Speaking of which, how about using a DBR site for jar updates that is updated every 4 hours??? Maybe put the version tag on the DBR site that the node can check. Nodes can try to download the jar from the SSK until they get the tag of the newest version seen. Another thing that bugs me is that anyone can compile their own jar with a bullshit build number, causing countless frustrations for node operators. We are lucky that a prankster hasn't done this already. While we are at it, lets not have fproxy warn us to upgrade until more than just one or two of the nodes in our routing table have a higher build. _______________________________________________ devl mailing list devl at freenetproject.org http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl