Re: [code] [textadept] Secure download and build

From: Robert Gieseke <rob.g.att.web.de>
Date: Sun, 1 Nov 2015 16:45:17 +0100

Hi,

I agree with your proposals, though Mitchell certainly will be able to
say more on this as he runs the server.

The "Let's encrypt" project[1] (currently in limited beta) might be a
good way to get a free certificate as these can cost a bit of money.

One option to improve the build scripts might be to include checksums of
the dependencies and verify them after download.

Cheers,
Robert

[1] https://letsencrypt.org/

Am 01/11/15 um 16:15 schrieb xsek.att.openmailbox.org:
> Hi!
>
> I'm using Arch Linux and Textadept from AUR, and latest build of
> textadept-curses does not work because libncursesw.so.5 is missing. One
> way to make it usable is to symlink libncursesw.so.6, but it is dirty
> hack and will probably lead to problems. So the only solution is to
> build Textadept from sources.
>
> And there is a problem, two actually. First, your website doesn't have
> ssl encryption and gpg signed archives, I can't even find hashsums to
> check its integrity. Second, when building external libs are downloaded,
> and they are downloaded a) from unreliable and infamous sources like
> sourceforge; or b) without ssl encryption too. Sometimes I need to run
> editor as root, and call me paranoid, but I find it very insecure with
> such building environment.
>
> I like Textadept very much, I tried just every other editor, and it is
> the best FMPOV. Could you make it more secure please? :) Or point me to
> where I'm wrong with my logic.
>
> Thanks.
>

-- 
You are subscribed to code.att.foicica.com.
To change subscription settings, send an e-mail to code+help.att.foicica.com.
To unsubscribe, send an e-mail to code+unsubscribe.att.foicica.com.
Received on Sun 01 Nov 2015 - 10:45:17 EST

This archive was generated by hypermail 2.2.0 : Mon 02 Nov 2015 - 06:32:18 EST