Hi Dennis
On 18.03.2012 19:12, Dennis E. Hamilton wrote:
There are several things that make me nervous about this idea.
1. User Agent strings are not assured to be reliable. And the update site has
to be carefully protected against itself being attacked with bogus HTTP
requests.
Yes, web ser
Hi
On 19.03.2012 00:57, Rob Weir wrote:
On Sun, Mar 18, 2012 at 2:12 PM, Dennis E. Hamilton
wrote:
There are several things that make me nervous about this idea.
Can someone say how long the current product update approach has been
in use in OpenOffice.org and whether any of the things t
On Sun, Mar 18, 2012 at 2:12 PM, Dennis E. Hamilton
wrote:
> There are several things that make me nervous about this idea.
>
Can someone say how long the current product update approach has been
in use in OpenOffice.org and whether any of the things that make
Dennis nervous have been an issue
te failure modes and minimum attack surface.
- Dennis
-Original Message-
From: Kay Schenk [mailto:kay.sch...@gmail.com]
Sent: Sunday, March 18, 2012 14:00
To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org
Subject: Re: [UPDATE SERVICE] (was Re: proposal for temporary solution until
On Sun, Mar 18, 2012 at 11:12 AM, Dennis E. Hamilton <
dennis.hamil...@acm.org> wrote:
> There are several things that make me nervous about this idea.
>
> 1. User Agent strings are not assured to be reliable. And the update site
> has to be carefully protected against itself being attacked with
There are several things that make me nervous about this idea.
1. User Agent strings are not assured to be reliable. And the update site has
to be carefully protected against itself being attacked with bogus HTTP
requests.
2. Ideally, a build identifies a unique web location that is specific
