You may redistribute, repackage, and modify freenet as much as you like under the terms of the GNU General Public License;
I've thought about this since yesterday's mail debate regarding signatures:
Freenet will fail its purpose if there isn't a secure way of retrieving official Freenet versions. Allowing anyone to host Freenet clients for download only makes it more likely that at some time someone will host a Freenet client that actively compromises anonymity - for the user of that client, and maybe, networked together to perform traffic analysis and compromise others not running that client.
This is a problem. If the Freenet CVS isn't secured enough to only allow core developers to submit, that need to be fixed. If it is - there's no problem. No one asks for releases personally certified by Toad or Ian - but a way to _know_ that the Freenet client comes from the Freenet project and not Joe Doe. I must confess that I would assume no Freenet client is released without someone manually checking the submitted code against privacy leaks, new developers shouldn't be able to submit code otherwise.
I played with the idea of mailing this list, with a spoofed from (Toad, client update) and a link using a few well known Internet Explorer tricks that hides the true URL, and see how many people I could get to download a fake client. I didn't, though, since I guess more than a few people here might be all too upset by such a little scam.
The easiest solution is to give out Freenet-links to the new versions, right? I'd still like to see a full blown digital signature solution, but in the mean time it's "good enough" if people already running Freenet know they can update their client within Freenet, from a well-known key.
___/ _/
-- http://troed.se - controversial views or common sense? _______________________________________________ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support
