Re: [code] [textadept] Secure download and build

From: <xsek.att.openmailbox.org>
Date: Sun, 01 Nov 2015 18:36:12 +0000

"Let's encrypt" is great, but not ready yet (two weeks to go though as I
remember). What could be done right now is archive of all sources + gpg
signatures of all archives + checksums in buildscripts. It is not
difficult at all.

Also, simplest cert is 10-20$, I can send a few bucks with bitcoins if
Mitchell provides address for that ;)

On 2015-11-01 15:45, Robert Gieseke wrote:
> Hi,
>
> I agree with your proposals, though Mitchell certainly will be able to
> say more on this as he runs the server.
>
> The "Let's encrypt" project[1] (currently in limited beta) might be a
> good way to get a free certificate as these can cost a bit of money.
>
> One option to improve the build scripts might be to include checksums
> of
> the dependencies and verify them after download.
>
> Cheers,
> Robert
>
> [1] https://letsencrypt.org/
>
> Am 01/11/15 um 16:15 schrieb xsek.att.openmailbox.org:
>> Hi!
>>
>> I'm using Arch Linux and Textadept from AUR, and latest build of
>> textadept-curses does not work because libncursesw.so.5 is missing.
>> One
>> way to make it usable is to symlink libncursesw.so.6, but it is dirty
>> hack and will probably lead to problems. So the only solution is to
>> build Textadept from sources.
>>
>> And there is a problem, two actually. First, your website doesn't have
>> ssl encryption and gpg signed archives, I can't even find hashsums to
>> check its integrity. Second, when building external libs are
>> downloaded,
>> and they are downloaded a) from unreliable and infamous sources like
>> sourceforge; or b) without ssl encryption too. Sometimes I need to run
>> editor as root, and call me paranoid, but I find it very insecure with
>> such building environment.
>>
>> I like Textadept very much, I tried just every other editor, and it is
>> the best FMPOV. Could you make it more secure please? :) Or point me
>> to
>> where I'm wrong with my logic.
>>
>> Thanks.
>>

-- 
You are subscribed to code.att.foicica.com.
To change subscription settings, send an e-mail to code+help.att.foicica.com.
To unsubscribe, send an e-mail to code+unsubscribe.att.foicica.com.
Received on Sun 01 Nov 2015 - 13:36:12 EST

This archive was generated by hypermail 2.2.0 : Mon 02 Nov 2015 - 06:32:21 EST