On 07.08.2012, at 13:02, Tim Hinkes <timm...@timmeey.de> wrote: > On 08/07/2012 11:48 AM, Frank Karlitschek wrote: >> Hi, >> >> I finished a small script that I wanted to do for a long long time. >> It´s an alternative way to install ownCloud on a webspace. >> >> It´s a single php file that you have to upload to your webspace. It checks >> the dependencies, download the newest ownCloud from the official server, >> unpacks it with the right permissions and the right user account, redirects >> to the ownCloud installer and deletes itself afterwards. >> >> The benefit is that this should be easier for unexperienced users because >> you don´t have to manually unpack the owncloud tar and upload to the server. >> You also don´t have to fix the folder permissions manually because the >> script can do this automatically. Another benefit is that the files belong >> to the webserver user so that ownCloud can update itself later automatically >> as soon as we have this functionality implemented. ;-) >> >> The file is located here: >> https://gitorious.org/owncloud/administration/trees/master/web-installer >> >> Testing and feedback needed :-) >> >> >> Frank > > This is a very nice idea Frank, coz it lowers the needed user experience. > Nice work :-) > > BUT. OC is a very sensible piece of software because u store a lot of > sensible data in it. > > I think the zip file should be some kind of hash checked. > Where to get a secure hash? > If u just compare it to a hash that stands near to the zip on the webpage, it > would be useless. > So what about kind of https page with a signed/trusted cert, where the > installer could fetch the md5 of the actual release?With this signed page the > installer could check that it did not download a malicious/harmfull piece of > software.
Good point. I will add this. Frank _______________________________________________ Owncloud mailing list Owncloud@kde.org https://mail.kde.org/mailman/listinfo/owncloud