[Squeakfoundation]Squeak downloads

Stephane Ducasse ducasse at iam.unibe.ch
Sat Jun 21 09:26:02 CEST 2003 

About security

could some of you explain what exactly would be a good security model?
We are developing SmallWiki that already support role (but without good 
interface for the moment).
so we are interested to incorporate the best security model we can 
think of.

Stef


On Saturday, June 21, 2003, at 01:25 AM, Doug Way wrote:

> Daniel Vainsencher wrote:
>
>> I like the design. The security concerns seem a bit bogus to me - the
>> download page was always on the swiki, and it's not that hard to 
>> change
>> the link to point to some "warez" FTP site full of appropriately named
>> trojans. Harder than with the new scheme, but not very hard.
>>
>> I think we can switch to this layout, and handle security lazily - 
>> start
>> worrying after the first attack.
>>
>
> Well, we could at least set a password for the swiki page, which would 
> be better than no security.  I assume it's at least somewhat difficult 
> to change a swiki page's contents (or uploads) if you don't know the 
> password?
>
> The people who maintain the various Squeak ports could all share the 
> same password, which would not be posted publicly anywhere.  Since 
> this is only 5 or 6 people or so, this seems like it wouldn't be too 
> big of a hassle.
>
> Eventually it would be great to have better swiki security, but in the 
> meantime, maybe this would work?
>
> By the way, I agree that Andreas' table layout is a lot nicer than 
> what we have now.
>
> - Doug
>
>
>> Andreas Raab <andreas.raab at gmx.de> wrote:
>>
>>> Hi Guys,
>>>
>>> I had recently the need to review the download and installation of 
>>> Squeak on
>>> various platforms and to be honest - it's a mess. If you try to find 
>>> your
>>> way around Squeak.org's download area you get lost so incredibly 
>>> fast, it's
>>> amazing that some people manage to get Squeak anyways.
>>>
>>> Since I know that all of you are busy, I've done some work on it. My
>>> proposal is to link from Squeak.org directly into the main Squeak 
>>> Swiki and
>>> there, provide a download page as can be seen at:
>>>
>>> 	http://minnow.cc.gatech.edu/squeak/3262
>>>
>>>
>>> Let me say a few words about what I'm trying to do here.
>>> First of all, the point is to download Squeak not to look at funny 
>>> pictures.
>>> The eye-candy at Squeak.org is certainly nice but when it comes to 
>>> download
>>> we want those files - and nothing more. So there are quite 
>>> deliberately no
>>> icons on this page.
>>> Secondly, I think people often look for documentation of Squeak most 
>>> of
>>> which is found at the Swiki. Hosting the download page at the Swiki 
>>> itself
>>> means that *everyone* who has ever downloaded Squeak has seen the 
>>> Swiki at
>>> least once. That's what the first sentence in the above is for - so 
>>> people
>>> know they are now at the right place. In addition, using a Swiki 
>>> means we
>>> can much more easily change and update things. When a new version 
>>> gets out
>>> we just change it and then, as the latest platform bundles come in, 
>>> update
>>> the information appropriately. The download area at the Swiki also 
>>> means we
>>> have a more level playing ground for alternative ports (you may see 
>>> that one
>>> entry lists MobVM which is otherwise impossible to find).
>>>
>>> About the contents of the download table:
>>> * "full" means a bundle that absolutely includes everything you need 
>>> to run
>>> Squeak. As we don't provide this for all packages we may have some 
>>> missing
>>> entries. However, it's a Swiki so it's simple for people to make one 
>>> up on
>>> their own and we just link it.
>>> * "image" means image+changes+sources for the listed "stable" 
>>> version of
>>> that platform. Nothing is more bothering than to see that a BeOS 
>>> port exist
>>> but not to know what one needs to download.
>>> * "stable VM" means the latest stable VM known to run well for the 
>>> listed
>>> stable version of Squeak. Therefore, "image" + "stable VM" is 
>>> everything you
>>> need if you haven't a full package available
>>> * "VM source code" explicitly links to the source code for the VM in
>>> question. Many people find it extremely hard to find the sources for 
>>> VMs so
>>> here we can point them directly towards it.
>>>
>>> In addition, we have an "info" link which allows us to link to 
>>> specific
>>> places for some VM/port. This allows us to decouple the primary 
>>> download
>>> place from information such as port maintainer, release notes, 
>>> specific bits
>>> about the platform. All of this is useful information but it should 
>>> be
>>> hosted elsewhere.
>>>
>>> Based on the above download page, I figure that a new Squeak release 
>>> process
>>> (exemplified with 3.6) would consist of the following steps:
>>> a) we make a copy of the current download page and name it 
>>> appropriately
>>> (such as "DownloadsForSqueak3.5") - this is now a "previous version"
>>> b) change the latest stable version and link to the previous 
>>> version. In
>>> effect this means you can always wander backwards through all the old
>>> versions and get - for example - exactly the "right" VM for Squeak 
>>> 3.2 or
>>> so. Therefore we only need to link to some previous versions here.
>>> c) Update the links for the "primary" full/image packages which Bruce
>>> handles.
>>>
>>>> From here on, we can leave everything as is. If we have some 
>>>> platform
>>> maintainer who wants to update his or her port, she can simply 
>>> update "her
>>> row" in the table. So it's a very simple, straightforward and obvious
>>> process which means that if people are interested they have a single 
>>> place
>>> where they can download about everything that's interesting about 
>>> Squeak.
>>>
>>> What do you think?
>>>
>>> Cheers,
>>>  - Andreas
>>>
>>> _______________________________________________
>>> Squeakfoundation mailing list
>>> Squeakfoundation at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/listinfo/squeakfoundation
>>>
>> _______________________________________________
>> Squeakfoundation mailing list
>> Squeakfoundation at lists.squeakfoundation.org
>> http://lists.squeakfoundation.org/listinfo/squeakfoundation
>>
>
>
> _______________________________________________
> Squeakfoundation mailing list
> Squeakfoundation at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/listinfo/squeakfoundation
>

More information about the Squeakfoundation mailing list