incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: [RELEASE]: download page on the AOO project webpage
Date Fri, 04 May 2012 16:55:00 GMT
On Fri, May 4, 2012 at 12:47 PM, Dave Fisher <dave2wave@comcast.net> wrote:
>
> On May 4, 2012, at 9:40 AM, Rob Weir wrote:
>
>> On Fri, May 4, 2012 at 12:16 PM, Fernando Cassia <fcassia@gmail.com> wrote:
>>> On Fri, May 4, 2012 at 12:46 PM, Dave Fisher <dave2wave@comcast.net> wrote:
>>>
>>>> I think we should offer mappings and have this page definitely download
>>>> via the Apache mirrors. I know what to do to make this work with the Apache
>>>> mirror cgi.
>>>
>>>
>>> I think I had read somewhere about Apache choosing to use SourceForge's
>>> network of mirrors around the world for distribution?
>>>
>
> That is correct for the www.openoffice.org/download/ main download page.
>
> The legacy 3.3 binaries should continue to be available from the MirrorBrain network.
>
> A portion of the Apache Mirrors will also seed AOO. The page being discussed here is
on the project site at incubator.apache.org/openofficeorg/. This page will serve through the
Apache Mirrors. The mirror operators are seeding these large binaries and we need to use those
as well.
>

No. no. no.  We're trying to reduce the number of places where
download logic lives.  If we have a download link for AOO on the
incubator page it should just point to the download.openoffice.org.

>> A distribution consists of several pieces:
>>
>> 1) The binaries, i.e., the install images.  These are served up via SourceForge
>>
>> 2) The source tarballs -- These could go out via Apache mirror network
>> if we want.  Or SourceForge.  Is will be very low volume in either
>> case.
>
> I'm for doing Source and SDK on the Apache Mirrors.
>
>>
>> 3) The detached signatures and hashes,  For these we must link our
>> page to the Apache copies on /dist.  This is an essential part of the
>> verification model.  This is how the user is protected against a rogue
>> mirror operator or a "man-in-the-middle" attack,  They can always
>> verify their download against the authoritative hashes and signature
>> on the Apache server.
>
> This is a key point and should probably be a separate thread.
>
> Regards,
> Dave
>
>
>
>>
>> -Rob
>>
>>> FC
>>> --
>>> During times of Universal Deceit, telling the truth becomes a revolutionary
>>> act
>>> Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto
>>> Revolucionario
>>> - George Orwell
>

Mime
View raw message