Date: Tue, 25 Sep 2012 16:28:07 +0200
Subject: Re: [VOTE] Release InstallApacheFlex 1.0 - RC5
From: Erik de Bruin
To: flex-dev@incubator.apache.org

Bertrand,

Thank you for your feedback.

In the spirit of your remarks I have added a paragraph "Note: ..." to the installer download page [1]. I also added language similar to that note to the disclaimer page [2]. In version 1.1 we plan to address this in the application itself, but for now, this should suffice. The issue is recorded in FLEX-33208.

Also, I agree the language in the README should be corrected, but I don't see the current remark as a showstopper. We will also address this in version 1.1. The issue is recorded in FLEX-33209.

EdB

1: http://incubator.apache.org/flex/installer.html
2: http://incubator.apache.org/flex/about-binaries.html

On Mon, Sep 24, 2012 at 5:57 PM, Bertrand Delacretaz wrote:
> Hi,
>
> On Monday, September 17, 2012, Om wrote:
>
>> ...The source distributions for Windows and Mac are available here:
>> http://people.apache.org/~bigosmallm/installapacheflex_RC5/ ...
>
> The release archive looks good to me, but I have one issue about the
> installer use case - sorry that I didn't notice that earlier (and if I'm
> correct I'm surprised that nobody brought that up).
>
> IIUC the installer downloads a number of files (listed
> in installer/src/sdk-installer-config.xml) and installs them on the user's
> system.
>
> Does it make the user aware that that's happening? IMO there should be a
> confirmation somewhere, where the user is given the option of either
>
> a) Reviewing the list of files that are going to be downloaded, and
> accepting or rejecting the whole thing
>
> b) Say "I don't care, go ahead".
>
> My concern is that in terms of quality and security, we don't want Apache
> software to mess with people's systems without letting them know beforehand.
>
> Another thing in the README: "This hash is compared with the hash from the
> Apache Flex SDK release site - If they match, we verify that the
> downloaded binary file is a valid Apache release...". Binaries are not
> Apache releases, so you shouldn't say that. I'd change it to something like
> "the md5 digest of the downloaded file is compared with one obtained from
> the apache.org website, and the installer aborts if they don't match".
>
> -Bertrand

--
Ix Multimedia Software

Jan Luykenstraat 27
3521 VB Utrecht

T. 06-51952295
I. www.ixsoftware.nl
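
The confirm-then-verify flow discussed in this message, as an added example that is not part of the original e-mail or of the installer's code. It is written in Python for illustration; the manifest entries, the function names and the three callbacks are hypothetical, since the thread does not show the format of sdk-installer-config.xml.

```python
import hashlib

# Constructed manifest. The installer's real list lives in
# installer/src/sdk-installer-config.xml, whose format this thread does not show.
MANIFEST = [
    {"name": "example-sdk.zip", "url": "https://downloads.example.invalid/example-sdk.zip"},
    {"name": "example-runtime.zip", "url": "https://downloads.example.invalid/example-runtime.zip"},
]


class InstallAborted(Exception):
    """Raised when the user declines or a download fails its digest check."""


def describe(manifest):
    """Render the download list the user is asked to accept or reject."""
    return "\n".join(f"{e['name']}  <-  {e['url']}" for e in manifest)


def md5_matches(data, published_hex):
    # MD5 is the digest the README names. It catches corrupted or truncated
    # downloads; it is not collision resistant.
    return hashlib.md5(data).hexdigest() == published_hex.strip().lower()


def fetch_verified(manifest, confirm, fetch, published_digest):
    """Return {name: bytes} only if the user agreed and every digest matched.

    confirm(listing) -> bool        hypothetical UI prompt (options a/b above)
    fetch(url) -> bytes             hypothetical downloader
    published_digest(name) -> str   hypothetical lookup of the apache.org digest
    """
    if not confirm(describe(manifest)):
        raise InstallAborted("user rejected the download list")  # nothing fetched yet
    verified = {}
    for entry in manifest:
        data = fetch(entry["url"])
        if not md5_matches(data, published_digest(entry["name"])):
            # Abort the whole run so a partial set is never installed.
            raise InstallAborted(f"digest mismatch for {entry['name']}")
        verified[entry["name"]] = data
    return verified
```

The published digest only adds assurance when it is retrieved over a channel the downloaded file itself did not travel through unauthenticated.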