Return-Path: X-Original-To: apmail-incubator-flex-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-flex-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8ED40DB90 for ; Tue, 11 Sep 2012 08:49:13 +0000 (UTC) Received: (qmail 89759 invoked by uid 500); 11 Sep 2012 08:49:12 -0000 Delivered-To: apmail-incubator-flex-dev-archive@incubator.apache.org Received: (qmail 89514 invoked by uid 500); 11 Sep 2012 08:49:12 -0000 Mailing-List: contact flex-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: flex-dev@incubator.apache.org Delivered-To: mailing list flex-dev@incubator.apache.org Received: (qmail 89498 invoked by uid 99); 11 Sep 2012 08:49:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Sep 2012 08:49:12 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [209.85.216.47] (HELO mail-qa0-f47.google.com) (209.85.216.47) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 11 Sep 2012 08:49:05 +0000 Received: by qadc11 with SMTP id c11so1787521qad.6 for ; Tue, 11 Sep 2012 01:48:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:x-gm-message-state; bh=Iz5FHq4fUvb8I6u1d0spD7xQHHw/Cg9FbGFYVRWKSQE=; b=dspI3yL33oECU2t8evqRuHancM3zVanE+lZwp+A4z8SshHphbDeqd3cExwfCKHSonr JpocWnt0zVpIn7V5GHHr7rRZrna+md2+RB49tQgu6WZNwy4RcJ/Sb24ldqxcUh8rAQeK NPG27FhhsVqglWKpF/3pR8XJkFacXpRmjD1Ql/VvCt28WwrhZum75VS5c/K1ILwd+4Rk DdHkvM0mCYtEUcg1VVfJuNMfmn1HRZ1baJNfVFiQV0CaAdErxM/ncCWQ1ChcnODSGn7c eLXd+9YxM66GJt7d2f57PZIvoPhacXY/Ns1Jq3u+qphzrn9xNVuElXK3h1w5rhC4914S ZS8w== MIME-Version: 1.0 Received: by 10.229.136.137 with SMTP id r9mr4489036qct.146.1347353324749; Tue, 11 Sep 2012 01:48:44 -0700 (PDT) Received: by 10.49.95.163 with HTTP; Tue, 11 Sep 2012 01:48:44 -0700 (PDT) In-Reply-To: References: Date: Tue, 11 Sep 2012 10:48:44 +0200 Message-ID: Subject: Re: [MENTOR] and PPMC members: info page about binaries From: Erik de Bruin To: flex-dev@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQlOAxZMBIN/uNCflkgcY/pvJ7MlmMmpM2ywxx/XXWeUN2lDUPdNZtEZLREGcREGphUSwzD2 >> ...I'm thinking that even though binaries are not official Apache Flex >> releases (http://incubator.apache.org/flex/about-binaries.html, thanks >> Bertrand), people will still 'trust' them more if they are actually >> hosted on an Apache mirror then on a random site.... > > That would be a big mistake...Apache mirrors are not controlled by the > ASF, they're a loosely-coupled network where in theory (before being > caught) someone could easily mess with whatever files people download. > > The only way to validate a downloaded file is to check its signature > and/or digest against data obtained from trusted sources. I understand the principle and agree on the theory behind it. However, we want as many people using and advocating Apache Flex as possible. However, in the real world, people will want to stay up to date with the SDK but they can't/don't want to spend a lot of time and effort getting the latest version from SVN and building from source. That's what the convenience binaries are for, IMHO. Having those available from the Apache 'network' (which for all intends and purposes the mirrors act like) will make most people trust them implicitly (yes, not a good idea, agreed, but certainly the way it works for most). I'm sure this is true for any network that makes the binaries available (e.g. Spoon), but since the name is APACHE Flex... I feel the best place for them is with Apache, and have other people/organisations/sites link to them by using the badge. This will make sure the mirrors and not the direct apache.org location are used. EdB -- Ix Multimedia Software Jan Luykenstraat 27 3521 VB Utrecht T. 06-51952295 I. www.ixsoftware.nl