flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik de Bruin <e...@ixsoftware.nl>
Subject Re: [VOTE] Release InstallApacheFlex 1.0 - RC5
Date Tue, 25 Sep 2012 14:28:07 GMT

Thank you for your feedback. In the spirit of your remarks I have
added a paragraph "Note: ..." to the installer download page [1]. I
also added language similar to that note to the disclaimer page [2].
In version 1.1 we plan to address this in the application itself, but
for now, this should suffice. The issue is recorded in FLEX-33208.

Also, I agree the language in the README should be corrected, but I
don't see the current remark as a showstopper. We will also address
this in version 1.1. The issue is recorded in FLEX-33209.


1: http://incubator.apache.org/flex/installer.html
2: http://incubator.apache.org/flex/about-binaries.html

On Mon, Sep 24, 2012 at 5:57 PM, Bertrand Delacretaz
<bdelacretaz@apache.org> wrote:
> Hi,
> On Monday, September 17, 2012, Om wrote:
>> ...The source distributions for Windows and Mac are available here:
>> http://people.apache.org/~bigosmallm/installapacheflex_RC5/ ...
> The release archive looks good to me, but I have one issue about the
> installer use case - sorry that I didn't notice that earlier (and if I'm
> correct I'm surprised that nobody brought that up).
> IIUC the installer downloads a number of files (listed
> in installer/src/sdk-installer-config.xml) and installs them on the user's
> system.
> Does it make the user aware that that's happening? IMO there should be a
> confirmation somewhere, where the user is given the option of either
> a) Reviewing the list of files that are going to be downloaded, and
> accepting or rejecting the whole thing
> b) Say "I don't care, go ahead".
> My concern is that in terms of quality and security, we don't want Apache
> software to mess with people's systems without letting them know beforehand.
> Another thing in the README: "This hash is compared with the hash from the
> Apache Flex SDK release site -  If they match, we verify that the
> downloaded binary file is a valid Apache release...". Binaries are not
> Apache releases, so you shouldn't say that. I'd change it to something like
> "the md5 digest of the downloaded file is compared with one obtained from
> the apache.org website, and the installer aborts if they don't match".
> -Bertrand

Ix Multimedia Software

Jan Luykenstraat 27
3521 VB Utrecht

T. 06-51952295
I. www.ixsoftware.nl

View raw message