* Juiceman <juiceman69 at gmail.com> [2006-08-01 18:21:20]: > On 8/1/06, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > >On Tue, Aug 01, 2006 at 08:11:31PM +0200, Florent Daigni?re (NextGen$) > >wrote: > >> * Matthew Toseland <toad at amphibian.dyndns.org> [2006-08-01 19:06:42]: > >> > >> > It's not mirrored is it? > >> > >> Now it is. > > > >Ummm, that's bad. sha1test.jar should NOT be mirrored. > > Neither should be mirrored, If someone compromises the update script > they can bypass sha1test.jar altogether. Or were you speaking of > something else? >
Ok, I think I've fixed the problem : try getting http://downloads.freenetproject.org/alpha/installer/sha1test.jar, it sends you to http://get.freenetproject.org/sha1test.jar wich isn't mirrored... .cmd and .sh, as well as .sha1 files aren't using mirrors anyway I'm wondering what to do regarding the installer's files (.exe and one .jar) Those are picked up from mirrors and aren't signed. NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060802/20c83ceb/attachment.pgp>
