incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roberto Galoppini <>
Subject Re: [RELEASE]: download page on the AOO project webpage
Date Fri, 04 May 2012 17:02:29 GMT
On Fri, May 4, 2012 at 6:55 PM, Rob Weir <> wrote:
> On Fri, May 4, 2012 at 12:47 PM, Dave Fisher <> wrote:
>> On May 4, 2012, at 9:40 AM, Rob Weir wrote:
>>> On Fri, May 4, 2012 at 12:16 PM, Fernando Cassia <> wrote:
>>>> On Fri, May 4, 2012 at 12:46 PM, Dave Fisher <>
>>>>> I think we should offer mappings and have this page definitely download
>>>>> via the Apache mirrors. I know what to do to make this work with the
>>>>> mirror cgi.
>>>> I think I had read somewhere about Apache choosing to use SourceForge's
>>>> network of mirrors around the world for distribution?
>> That is correct for the main download page.
>> The legacy 3.3 binaries should continue to be available from the MirrorBrain network.
>> A portion of the Apache Mirrors will also seed AOO. The page being discussed here
is on the project site at This page will serve through
the Apache Mirrors. The mirror operators are seeding these large binaries and we need to use
those as well.
> No. no. no.  We're trying to reduce the number of places where
> download logic lives.  If we have a download link for AOO on the
> incubator page it should just point to the

My understanding from past conversations on the binaries topic is that
we'll have SourceForge serving binaries, and MirrorBrain serving
updates. This will make easy to track downloads and have meaningful


>>> A distribution consists of several pieces:
>>> 1) The binaries, i.e., the install images.  These are served up via SourceForge
>>> 2) The source tarballs -- These could go out via Apache mirror network
>>> if we want.  Or SourceForge.  Is will be very low volume in either
>>> case.
>> I'm for doing Source and SDK on the Apache Mirrors.
>>> 3) The detached signatures and hashes,  For these we must link our
>>> page to the Apache copies on /dist.  This is an essential part of the
>>> verification model.  This is how the user is protected against a rogue
>>> mirror operator or a "man-in-the-middle" attack,  They can always
>>> verify their download against the authoritative hashes and signature
>>> on the Apache server.
>> This is a key point and should probably be a separate thread.
>> Regards,
>> Dave
>>> -Rob
>>>> FC
>>>> --
>>>> During times of Universal Deceit, telling the truth becomes a revolutionary
>>>> act
>>>> Durante épocas de Engaño Universal, decir la verdad se convierte en un
>>>> Revolucionario
>>>> - George Orwell

This e- mail message is intended only for the named recipient(s) above. It 
may contain confidential and privileged information. If you are not the 
intended recipient you are hereby notified that any dissemination, 
distribution or copying of this e-mail and any attachment(s) is strictly 
prohibited. If you have received this e-mail in error, please immediately 
notify the sender by replying to this e-mail and delete the message and any 
attachment(s) from your system. Thank you.

View raw message