Re: [code] [textadept] Secure download and build

From: Robert Gieseke <>
Date: Sun, 1 Nov 2015 16:45:17 +0100


I agree with your proposals, though Mitchell certainly will be able to
say more on this as he runs the server.

The "Let's encrypt" project[1] (currently in limited beta) might be a
good way to get a free certificate as these can cost a bit of money.

One option to improve the build scripts might be to include checksums of
the dependencies and verify them after download.



Am 01/11/15 um 16:15 schrieb
> Hi!
> I'm using Arch Linux and Textadept from AUR, and latest build of
> textadept-curses does not work because is missing. One
> way to make it usable is to symlink, but it is dirty
> hack and will probably lead to problems. So the only solution is to
> build Textadept from sources.
> And there is a problem, two actually. First, your website doesn't have
> ssl encryption and gpg signed archives, I can't even find hashsums to
> check its integrity. Second, when building external libs are downloaded,
> and they are downloaded a) from unreliable and infamous sources like
> sourceforge; or b) without ssl encryption too. Sometimes I need to run
> editor as root, and call me paranoid, but I find it very insecure with
> such building environment.
> I like Textadept very much, I tried just every other editor, and it is
> the best FMPOV. Could you make it more secure please? :) Or point me to
> where I'm wrong with my logic.
> Thanks.

You are subscribed to
To change subscription settings, send an e-mail to
To unsubscribe, send an e-mail to
Received on Sun 01 Nov 2015 - 10:45:17 EST

This archive was generated by hypermail 2.2.0 : Mon 02 Nov 2015 - 06:32:18 EST