* Ian Clarke <ian at freenetproject.org> [2008-12-14 06:48:57]: > On Thu, Dec 11, 2008 at 8:16 PM, Zero3 <zero3 at zerosplayground.dk> wrote: > > That covers mine, toads and nextgens opinions. What do everyone else think? > > Here are my thoughts: > > Bundling > ---------- > I don't have a problem with bundling per-se provided we are judicious > about what gets bundled. In issues like this I think its instructive > to look at what other installers do and I think its pretty clear that > bundling dependencies is the norm, not the exception. > > That being said, I don't have a big problem with downloading > dependencies on-demand either. I don't think there is a big > difference in the user experience in either case. > > So I could live with either solution. > > Building the installer automatically on emu > -------------------------------------------------- > The idea that a compromised Emu could lead to the compromising of tens > of thousands of Freenet users is very scary indeed. That being said, > this is a risk with any software that is downloaded from a web server > anywhere. Its more a bug in the lax security models of today's > operating systems, than in anything we are doing in particular. > > Again, I think we should look to the norm for other software, and the > norm is that automatic building of in-development software is pretty > common (Firefox, etc). > > Ian.
Other softwares have got different goals. For them, neither censorship resistance nor user anonymity is a concern. It is *obvious* that we might have to chose different technical solutions, even if it's to address similar problems. I do not think that "looking to the norm for other software" is the way to go in our case. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20081216/a1f9a792/attachment.pgp>