Return-Path: Delivered-To: apmail-ant-dev-archive@www.apache.org Received: (qmail 64052 invoked from network); 3 Sep 2007 10:08:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 3 Sep 2007 10:08:47 -0000 Received: (qmail 86222 invoked by uid 500); 3 Sep 2007 10:08:41 -0000 Delivered-To: apmail-ant-dev-archive@ant.apache.org Received: (qmail 85915 invoked by uid 500); 3 Sep 2007 10:08:40 -0000 Mailing-List: contact dev-help@ant.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Ant Developers List" Reply-To: "Ant Developers List" Delivered-To: mailing list dev@ant.apache.org Received: (qmail 85904 invoked by uid 99); 3 Sep 2007 10:08:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Sep 2007 03:08:40 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Sep 2007 10:09:47 +0000 Received: by brutus.apache.org (Postfix, from userid 33) id 9CA9971420B; Mon, 3 Sep 2007 03:08:14 -0700 (PDT) From: bugzilla@apache.org To: dev@ant.apache.org Subject: DO NOT REPLY [Bug 43162] - Verification for Microsoft Windows incompletely described In-Reply-To: X-Bugzilla-Reason: AssignedTo Message-Id: <20070903100814.9CA9971420B@brutus.apache.org> Date: Mon, 3 Sep 2007 03:08:14 -0700 (PDT) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=43162 ------- Additional Comments From stevel@apache.org 2007-09-03 03:08 ------- -as the others said, we have nothing against winxp users, though win9x was such a source of support calls that it is no longer supported. My laptop runs windowsXP. 1. What you dont get with windows is the toolchain for md5 and sha1 sum checking out the box. On linux you can do sha1sum and md5sum to check the hash value of any binary against a version picked up from a trusted location (such as apache https server), or get ant from a trusted distribution. 2. Windows is very good at verifying microsoft code (and updating it on demand), but mediocre for validating binaries of others, or for keeping them up to date. Hence every windows app you install adds a little auto updater applet to slow down your machine, merely to keep adobe, sun, real, apple, etc apps up to date. 3. A .cab file would require the tooling to create and sign the cab on all platforms we build ant on, as we cannot require the release manager to run windows. It would also need a key that is trusted by the user, meaning Apache would need to become its own CA and get microsoft to (a) trust it and (b) add it to the list of trusted sources. Or each project pays $500/year to get a verisign code signing license. It would also require us to test a new distribution format, which can only be done on windows systems, which complicates the release process more. The effect of producing cab files would require the annual outlay of code signing certificates, and the release manager to have a Windows VMware image to validate the file, if not generate it. Much easier to improve the documentation on how to validate the file. Note that Gnupg, http://www.gnupg.org/download/ can verify signatures; it has a command line, doesnt need registration, etc. We should cover this in the documentation. -Steve So no, no new cab file. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org For additional commands, e-mail: dev-help@ant.apache.org