On Fri, May 4, 2012 at 6:55 PM, Rob Weir <robw...@apache.org> wrote: > On Fri, May 4, 2012 at 12:47 PM, Dave Fisher <dave2w...@comcast.net> wrote: >> >> On May 4, 2012, at 9:40 AM, Rob Weir wrote: >> >>> On Fri, May 4, 2012 at 12:16 PM, Fernando Cassia <fcas...@gmail.com> wrote: >>>> On Fri, May 4, 2012 at 12:46 PM, Dave Fisher <dave2w...@comcast.net> wrote: >>>> >>>>> I think we should offer mappings and have this page definitely download >>>>> via the Apache mirrors. I know what to do to make this work with the >>>>> Apache >>>>> mirror cgi. >>>> >>>> >>>> I think I had read somewhere about Apache choosing to use SourceForge's >>>> network of mirrors around the world for distribution? >>>> >> >> That is correct for the www.openoffice.org/download/ main download page. >> >> The legacy 3.3 binaries should continue to be available from the MirrorBrain >> network. >> >> A portion of the Apache Mirrors will also seed AOO. The page being discussed >> here is on the project site at incubator.apache.org/openofficeorg/. This >> page will serve through the Apache Mirrors. The mirror operators are seeding >> these large binaries and we need to use those as well. >> > > No. no. no. We're trying to reduce the number of places where > download logic lives. If we have a download link for AOO on the > incubator page it should just point to the download.openoffice.org.
My understanding from past conversations on the binaries topic is that we'll have SourceForge serving binaries, and MirrorBrain serving updates. This will make easy to track downloads and have meaningful stats. Roberto >>> A distribution consists of several pieces: >>> >>> 1) The binaries, i.e., the install images. These are served up via >>> SourceForge >>> >>> 2) The source tarballs -- These could go out via Apache mirror network >>> if we want. Or SourceForge. Is will be very low volume in either >>> case. >> >> I'm for doing Source and SDK on the Apache Mirrors. >> >>> >>> 3) The detached signatures and hashes, For these we must link our >>> page to the Apache copies on /dist. This is an essential part of the >>> verification model. This is how the user is protected against a rogue >>> mirror operator or a "man-in-the-middle" attack, They can always >>> verify their download against the authoritative hashes and signature >>> on the Apache server. >> >> This is a key point and should probably be a separate thread. >> >> Regards, >> Dave >> >> >> >>> >>> -Rob >>> >>>> FC >>>> -- >>>> During times of Universal Deceit, telling the truth becomes a revolutionary >>>> act >>>> Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto >>>> Revolucionario >>>> - George Orwell >> -- ==== This e- mail message is intended only for the named recipient(s) above. It may contain confidential and privileged information. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and delete the message and any attachment(s) from your system. Thank you.
