[Squeakfoundation]Squeak downloads
Andreas Raab
andreas.raab at gmx.de
Sat Jun 21 03:24:26 CEST 2003
Hi,
Couple more thoughts on security: For one thing, I believe that password
protecting should be enough if we link directly from Squeak.org to the page
(so that the link cannot easily be faked). Since that's the "official"
download link, there is little chance that someone else will make up an
"alternative download page" full of warez (the front page of the Squeak
Swiki is locked too so that's another top-level entry point).
Secondly, handing out the password seems to be mostly a matter of trust to
me and there are a couple of things we can do. For people who are well-known
in the Squeak community, I think we can hand out the password relatively
freely. Access to the page should not be restricted to "primary platform
maintainers" but should be open to people who provide packages as a service
to others (such as in the form of precompiled binaries) or who just take on
the task of keeping their platform downloads up-to-date.
Then, there's the question of what happens if we ever have a situation where
some "Mr. Nobody" just pops out of nothing and has a new port to some weird
new platform. In this situation (which is unlikely as new ports typically
involve asking a few questions) we can still add the link to the download
page and see how things develop - if the person is keeping up the work we'll
get to know her better and probably hand out the password at some point.
Cheers,
- Andreas
More information about the Squeakfoundation
mailing list