On Fri, Oct 5, 2012 at 1:34 AM, Ildar Mulyukov <[email protected]> wrote: > On 05.10.2012 00:10:13, Hisham wrote: >> Not in practice, because I always upload both the .rockspec and the >> .src.rock file (which contains the tarball). > > ... though you don't imply/care of authenticity of the software > uploaded (?)
I did not understand the question. What I meant is that luarocks clients without HTTPS support will be able to get the code through the .src.rock file in the LuaRocks repository. If a user is worried about authenticity of .src.rock files and wants to make sure they're getting the code from the original source, they can install the appropriate tools (LuaSec, etc), audit the rockspec themselves and then use the rockspec containing the https URL. -- Hisham ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Luarocks-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/luarocks-developers
