Hi Guys,
I had recently the need to review the download and installation of Squeak on various platforms and to be honest - it's a mess. If you try to find your way around Squeak.org's download area you get lost so incredibly fast, it's amazing that some people manage to get Squeak anyways.
Since I know that all of you are busy, I've done some work on it. My proposal is to link from Squeak.org directly into the main Squeak Swiki and there, provide a download page as can be seen at:
http://minnow.cc.gatech.edu/squeak/3262
Let me say a few words about what I'm trying to do here.
First of all, the point is to download Squeak not to look at funny pictures. The eye-candy at Squeak.org is certainly nice but when it comes to download we want those files - and nothing more. So there are quite deliberately no icons on this page.
Secondly, I think people often look for documentation of Squeak most of which is found at the Swiki. Hosting the download page at the Swiki itself means that *everyone* who has ever downloaded Squeak has seen the Swiki at least once. That's what the first sentence in the above is for - so people know they are now at the right place. In addition, using a Swiki means we can much more easily change and update things. When a new version gets out we just change it and then, as the latest platform bundles come in, update the information appropriately. The download area at the Swiki also means we have a more level playing ground for alternative ports (you may see that one entry lists MobVM which is otherwise impossible to find).
About the contents of the download table:
- "full" means a bundle that absolutely includes everything you need to run Squeak. As we don't provide this for all packages we may have some missing entries. However, it's a Swiki so it's simple for people to make one up on their own and we just link it.
- "image" means image+changes+sources for the listed "stable" version of that platform. Nothing is more bothering than to see that a BeOS port exist but not to know what one needs to download.
- "stable VM" means the latest stable VM known to run well for the listed stable version of Squeak. Therefore, "image" + "stable VM" is everything you need if you haven't a full package available
- "VM source code" explicitly links to the source code for the VM in question. Many people find it extremely hard to find the sources for VMs so here we can point them directly towards it.
In addition, we have an "info" link which allows us to link to specific places for some VM/port. This allows us to decouple the primary download place from information such as port maintainer, release notes, specific bits about the platform. All of this is useful information but it should be hosted elsewhere.
Based on the above download page, I figure that a new Squeak release process (exemplified with 3.6) would consist of the following steps:
a) we make a copy of the current download page and name it appropriately (such as "DownloadsForSqueak3.5") - this is now a "previous version"
b) change the latest stable version and link to the previous version. In effect this means you can always wander backwards through all the old versions and get - for example - exactly the "right" VM for Squeak 3.2 or so. Therefore we only need to link to some previous versions here.
c) Update the links for the "primary" full/image packages which Bruce handles.
From here on, we can leave everything as is. If we have some platform maintainer who wants to update his or her port, she can simply update "her row" in the table. So it's a very simple, straightforward and obvious process which means that if people are interested they have a single place where they can download about everything that's interesting about Squeak.
What do you think?
Cheers, - Andreas
Andreas,
Yes, this is great. Very clear, and it allows individual platform VM authors to distribute a new VM version just by editing the Swiki page. It will make Bruce O'Neel and my job easier.
--Ted.
At 5:46 PM +0200 6/19/03, Andreas Raab wrote:
Since I know that all of you are busy, I've done some work on it. My proposal is to link from Squeak.org directly into the main Squeak Swiki and there, provide a download page as can be seen at:
Ted,
Yes, after talking to Mike about this we realized how important fast turnaround times are. All of us have lots of things to do and being able to update "one's own port" should dramatically improve the accuracy of information provided while at the same time being a showcase for the vast variety of platforms Squeak runs on (this is why I've added the explicit stable versions and image package for each port).
Cheers, - Andreas
-----Original Message-----
From: squeakfoundation-bounces@lists.squeakfoundation.org [mailto:squeakfoundation-bounces@lists.squeakfoundation.org] On Behalf Of Ted Kaehler
Sent: Thursday, June 19, 2003 9:21 PM
To: Discussing the Squeak Foundation
Subject: Re: [Squeakfoundation]Squeak downloads
Andreas,
Yes, this is great. Very clear, and it allows individual platform VM authors to distribute a new VM version just by editing the Swiki page. It will make Bruce O'Neel and my job easier.
--Ted.
At 5:46 PM +0200 6/19/03, Andreas Raab wrote:
Since I know that all of you are busy, I've done some work on it. My proposal is to link from Squeak.org directly into the main Squeak Swiki and there, provide a download page as can be seen at:
Squeakfoundation mailing list Squeakfoundation@lists.squeakfoundation.org http://lists.squeakfoundation.org/listinfo/squeakfoundation
Hi Andreas
this looks good to me and I hope this will help the people reading my books. I will ask my boss to have a look because he always complained with the other one.
Stef
On Thursday, June 19, 2003, at 05:46 PM, Andreas Raab wrote:
Hi Guys,
I had recently the need to review the download and installation of Squeak on various platforms and to be honest - it's a mess. If you try to find your way around Squeak.org's download area you get lost so incredibly fast, it's amazing that some people manage to get Squeak anyways.
Since I know that all of you are busy, I've done some work on it. My proposal is to link from Squeak.org directly into the main Squeak Swiki and there, provide a download page as can be seen at:
http://minnow.cc.gatech.edu/squeak/3262
Let me say a few words about what I'm trying to do here.
First of all, the point is to download Squeak not to look at funny pictures. The eye-candy at Squeak.org is certainly nice but when it comes to download we want those files - and nothing more. So there are quite deliberately no icons on this page.
Secondly, I think people often look for documentation of Squeak most of which is found at the Swiki. Hosting the download page at the Swiki itself means that *everyone* who has ever downloaded Squeak has seen the Swiki at least once. That's what the first sentence in the above is for - so people know they are now at the right place. In addition, using a Swiki means we can much more easily change and update things. When a new version gets out we just change it and then, as the latest platform bundles come in, update the information appropriately. The download area at the Swiki also means we have a more level playing ground for alternative ports (you may see that one entry lists MobVM which is otherwise impossible to find).
About the contents of the download table:
- "full" means a bundle that absolutely includes everything you need to run Squeak. As we don't provide this for all packages we may have some missing entries. However, it's a Swiki so it's simple for people to make one up on their own and we just link it.
- "image" means image+changes+sources for the listed "stable" version of that platform. Nothing is more bothering than to see that a BeOS port exist but not to know what one needs to download.
- "stable VM" means the latest stable VM known to run well for the listed stable version of Squeak. Therefore, "image" + "stable VM" is everything you need if you haven't a full package available
- "VM source code" explicitly links to the source code for the VM in question. Many people find it extremely hard to find the sources for VMs so here we can point them directly towards it.
In addition, we have an "info" link which allows us to link to specific places for some VM/port. This allows us to decouple the primary download place from information such as port maintainer, release notes, specific bits about the platform. All of this is useful information but it should be hosted elsewhere.
Based on the above download page, I figure that a new Squeak release process (exemplified with 3.6) would consist of the following steps:
a) we make a copy of the current download page and name it appropriately (such as "DownloadsForSqueak3.5") - this is now a "previous version"
b) change the latest stable version and link to the previous version. In effect this means you can always wander backwards through all the old versions and get - for example - exactly the "right" VM for Squeak 3.2 or so. Therefore we only need to link to some previous versions here.
c) Update the links for the "primary" full/image packages which Bruce handles.
From here on, we can leave everything as is. If we have some platform maintainer who wants to update his or her port, she can simply update "her row" in the table. So it's a very simple, straightforward and obvious process which means that if people are interested they have a single place where they can download about everything that's interesting about Squeak.
What do you think?
Cheers,
- Andreas
I like the idea of making the download page easily editable and actually favor the whole squeak.org being a swiki that was easily editable by the appropriate people.
I have concerns about security, though. With the current minnow swiki setup, it seems pretty easy for someone to upload files or change download page links to Trojan versions of the software. What can we do to ensure the integrity of the links and the files to the official distributions?
Mark A. Schwenk wrote:
I like the idea of making the download page easily editable and actually favor the whole squeak.org being a swiki that was easily editable by the appropriate people.
I have concerns about security, though. With the current minnow swiki setup, it seems pretty easy for someone to upload files or change download page links to Trojan versions of the software. What can we do to ensure the integrity of the links and the files to the official distributions?
Very good point! An alternative, and also my first thought on this before Andreas convinced me about the advantages of having this on the Squeak swiki, was to put the download page on an easily accessible server, e.g. squeakfoundation.org, so a number of guides etc would have access rights.
Or is there another way we can have our cake and eat it?
The method of dealing with mp3 and graffiti would not apply here, a single trojan download would be a disaster!
Michael
That's a good point. I think that for now there is not much except password-protecting the page. Does anyone know if there's any work being done on managing rights (e.g., require people to log in and then have per-user permissions)? Even requiring people to be registered should solve 90% of the vandalism problems (you'd just require a valid email address and send an initial password to that address).
Cheers, - Andreas
-----Original Message-----
From: squeakfoundation-bounces@lists.squeakfoundation.org [mailto:squeakfoundation-bounces@lists.squeakfoundation.org] On Behalf Of Mark A. Schwenk
Sent: Thursday, June 19, 2003 10:49 PM
To: Discussing the Squeak Foundation
Subject: Re: [Squeakfoundation]Squeak downloads
I like the idea of making the download page easily editable and actually favor the whole squeak.org being a swiki that was easily editable by the appropriate people.
I have concerns about security, though. With the current minnow swiki setup, it seems pretty easy for someone to upload files or change download page links to Trojan versions of the software. What can we do to ensure the integrity of the links and the files to the official distributions? -- Mark A. Schwenk mas@wellthot.com WellThot Inc.
Looks good to me...however, I doubt I would trust it being on a Swiki (for the security reasons previously discussed). Here are some ideas for how to mitigate that issue:
- add submissions/approval capability to Swiki
- keep the download page on a regular web server and use WebDav to give publishing authorization to VM publishers
- strongly recommend that VM publishers also cryptographically sign their download files (and write some instructions and exactly how to do this so that everyone follows the same procedure...and ensure that those procedures are good ones)
- Stephen
Andreas Raab wrote:
Hi Guys,
I had recently the need to review the download and installation of Squeak on various platforms and to be honest - it's a mess. If you try to find your way around Squeak.org's download area you get lost so incredibly fast, it's amazing that some people manage to get Squeak anyways.
Since I know that all of you are busy, I've done some work on it. My proposal is to link from Squeak.org directly into the main Squeak Swiki and there, provide a download page as can be seen at:
http://minnow.cc.gatech.edu/squeak/3262
Let me say a few words about what I'm trying to do here.
First of all, the point is to download Squeak not to look at funny pictures. The eye-candy at Squeak.org is certainly nice but when it comes to download we want those files - and nothing more. So there are quite deliberately no icons on this page.
Secondly, I think people often look for documentation of Squeak most of which is found at the Swiki. Hosting the download page at the Swiki itself means that *everyone* who has ever downloaded Squeak has seen the Swiki at least once. That's what the first sentence in the above is for - so people know they are now at the right place. In addition, using a Swiki means we can much more easily change and update things. When a new version gets out we just change it and then, as the latest platform bundles come in, update the information appropriately. The download area at the Swiki also means we have a more level playing ground for alternative ports (you may see that one entry lists MobVM which is otherwise impossible to find).
About the contents of the download table:
- "full" means a bundle that absolutely includes everything you need to run Squeak. As we don't provide this for all packages we may have some missing entries. However, it's a Swiki so it's simple for people to make one up on their own and we just link it.
- "image" means image+changes+sources for the listed "stable" version of that platform. Nothing is more bothering than to see that a BeOS port exist but not to know what one needs to download.
- "stable VM" means the latest stable VM known to run well for the listed stable version of Squeak. Therefore, "image" + "stable VM" is everything you need if you haven't a full package available
- "VM source code" explicitly links to the source code for the VM in question. Many people find it extremely hard to find the sources for VMs so here we can point them directly towards it.
In addition, we have an "info" link which allows us to link to specific places for some VM/port. This allows us to decouple the primary download place from information such as port maintainer, release notes, specific bits about the platform. All of this is useful information but it should be hosted elsewhere.
Based on the above download page, I figure that a new Squeak release process (exemplified with 3.6) would consist of the following steps:
a) we make a copy of the current download page and name it appropriately (such as "DownloadsForSqueak3.5") - this is now a "previous version"
b) change the latest stable version and link to the previous version. In effect this means you can always wander backwards through all the old versions and get - for example - exactly the "right" VM for Squeak 3.2 or so. Therefore we only need to link to some previous versions here.
c) Update the links for the "primary" full/image packages which Bruce handles.
From here on, we can leave everything as is. If we have some platform maintainer who wants to update his or her port, she can simply update "her row" in the table. So it's a very simple, straightforward and obvious process which means that if people are interested they have a single place where they can download about everything that's interesting about Squeak.
What do you think?
Cheers,
- Andreas
Ya, for some time now I've been PGP signing the Macintosh VMs (classic & os-x). However I've not been doing that for the plugins (yet...). I can't say anyone has ever checked this information, and we don't have any way for joe novice to check. Some packaging systems do check md5 checksums and/or signatures and do complain which I believe caught some Trojans in the past.
Certainly having something that would tell you the files have been altered, would either point out a Trojan, or more likely that you've corrupted things in the download, which always seems a sore point for joe novice user. Can say how we do this tho.
On Thursday, June 19, 2003, at 02:23 PM, Stephen Pair wrote:
Looks good to me...however, I doubt I would trust it being on a Swiki (for the security reasons previously discussed). Here are some ideas for how to mitigate that issue:
- add submissions/approval capability to Swiki
- keep the download page on a regular web server and use WebDav to give publishing authorization to VM publishers
- strongly recommend that VM publishers also cryptographically sign their download files (and write some instructions and exactly how to do this so that everyone follows the same procedure...and ensure that those procedures are good ones)
-- ======================================================================== === John M. McIntosh johnmci@smalltalkconsulting.com 1-800-477-2659 Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com ======================================================================== ===
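Added example, not part of the original thread or of any Squeak tooling: a sketch of the checksum check discussed in the two messages above, where a downloaded file is compared against a maintainer-published digest manifest. It uses SHA-256 rather than the md5 mentioned in the thread, assumes the manifest itself was authenticated separately (for instance by the maintainer's PGP signature) rather than read off the same editable page, and uses constructed file names and bytes.

```python
import hashlib
import hmac
import io

HEX = set("0123456789abcdef")


def sha256_of(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large bundles need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse 'HEXDIGEST  FILENAME' lines (the sha256sum layout) into a dict."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'digest  filename'")
        digest = parts[0].lower()
        name = parts[1].strip().lstrip("*")  # '*' marks binary mode in sha256sum
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        # Refuse path components and duplicate names: either would let one
        # manifest line stand in for a different file than the reader expects.
        if "/" in name or "\\" in name or name in entries:
            raise ValueError(f"line {lineno}: bad or duplicate file name")
        entries[name] = digest
    return entries


def check_download(name, stream, manifest):
    """Return 'ok', 'mismatch' or 'unlisted' for one downloaded file.

    'mismatch' covers both cases raised in the thread: a replaced file and a
    download corrupted in transit. The digest alone cannot tell them apart.
    'unlisted' means the page links to a file the maintainer never published.
    """
    expected = manifest.get(name)
    if expected is None:
        return "unlisted"
    actual = sha256_of(stream)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


# Constructed sample data: stand-ins for a VM archive and its altered copy.
GOOD_VM = b"constructed bytes standing in for a VM archive"
ALTERED_VM = GOOD_VM + b" with something appended"
MANIFEST_TEXT = (
    "# constructed manifest, assumed already authenticated\n"
    f"{hashlib.sha256(GOOD_VM).hexdigest()}  example-vm.zip\n"
)


def demo():
    manifest = parse_manifest(MANIFEST_TEXT)
    return [
        check_download("example-vm.zip", io.BytesIO(GOOD_VM), manifest),
        check_download("example-vm.zip", io.BytesIO(ALTERED_VM), manifest),
        check_download("other-vm.zip", io.BytesIO(GOOD_VM), manifest),
    ]


if __name__ == "__main__":
    print(demo())
```

A digest listed on the same page as the download link gives no protection against someone who can edit that page, which is why the manifest has to arrive through a channel the page editors do not control.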
Hi Andreas,
The download area at the Swiki also means we have a more level playing ground for alternative ports (you may see that one entry lists MobVM which is otherwise impossible to find).
Thanks for your thoughtful consideration. It's really appreciated.
Obviously, as someone already pointed out, there are certain issues that need to be resolved before we can have our cake and eat it too.
I, for one, am looking forward to enjoying the cake (and wouldn't mind some extra icing ;-)
I do believe that the Squeak community will come up with something.
Cheers,
PhiHo.
----- Original Message -----
From: "Andreas Raab" andreas.raab@gmx.de
To: squeakfoundation@lists.squeakfoundation.org
Sent: Thursday, June 19, 2003 11:46 AM
Subject: [Squeakfoundation]Squeak downloads
Hi Guys,
I had recently the need to review the download and installation of Squeak on various platforms and to be honest - it's a mess. If you try to find your way around Squeak.org's download area you get lost so incredibly fast, it's amazing that some people manage to get Squeak anyways.
Since I know that all of you are busy, I've done some work on it. My proposal is to link from Squeak.org directly into the main Squeak Swiki and there, provide a download page as can be seen at:
http://minnow.cc.gatech.edu/squeak/3262
Let me say a few words about what I'm trying to do here.
First of all, the point is to download Squeak not to look at funny pictures. The eye-candy at Squeak.org is certainly nice but when it comes to download we want those files - and nothing more. So there are quite deliberately no icons on this page.
Secondly, I think people often look for documentation of Squeak most of which is found at the Swiki. Hosting the download page at the Swiki itself means that *everyone* who has ever downloaded Squeak has seen the Swiki at least once. That's what the first sentence in the above is for - so people know they are now at the right place. In addition, using a Swiki means we can much more easily change and update things. When a new version gets out we just change it and then, as the latest platform bundles come in, update the information appropriately. The download area at the Swiki also means we have a more level playing ground for alternative ports (you may see that one entry lists MobVM which is otherwise impossible to find).
About the contents of the download table:
- "full" means a bundle that absolutely includes everything you need to run Squeak. As we don't provide this for all packages we may have some missing entries. However, it's a Swiki so it's simple for people to make one up on their own and we just link it.
- "image" means image+changes+sources for the listed "stable" version of that platform. Nothing is more bothering than to see that a BeOS port exist but not to know what one needs to download.
- "stable VM" means the latest stable VM known to run well for the listed stable version of Squeak. Therefore, "image" + "stable VM" is everything you need if you haven't a full package available
- "VM source code" explicitly links to the source code for the VM in question. Many people find it extremely hard to find the sources for VMs so here we can point them directly towards it.
In addition, we have an "info" link which allows us to link to specific places for some VM/port. This allows us to decouple the primary download place from information such as port maintainer, release notes, specific bits about the platform. All of this is useful information but it should be hosted elsewhere.
Based on the above download page, I figure that a new Squeak release process (exemplified with 3.6) would consist of the following steps:
a) we make a copy of the current download page and name it appropriately (such as "DownloadsForSqueak3.5") - this is now a "previous version"
b) change the latest stable version and link to the previous version. In effect this means you can always wander backwards through all the old versions and get - for example - exactly the "right" VM for Squeak 3.2 or so. Therefore we only need to link to some previous versions here.
c) Update the links for the "primary" full/image packages which Bruce handles.
From here on, we can leave everything as is. If we have some platform maintainer who wants to update his or her port, she can simply update "her row" in the table. So it's a very simple, straightforward and obvious process which means that if people are interested they have a single place where they can download about everything that's interesting about Squeak.
What do you think?
Cheers, - Andreas
I'm being hopelessly nitpicky here but I can't get to minnow to look at the example page so I have to do _something_ :-)
a) we make a copy of the current download page and name it appropriately (such as "DownloadsForSqueak3.5") - this is now a "previous version"
This should be Download _of_ Squeak since 'for' implies stuff to add to squeak. SM would properly be 'for'.
See, I told you it was hopelessly nitpicky.
tim -- Tim Rowledge, tim@sumeru.stanford.edu, http://sumeru.stanford.edu/tim The next generation of computers will have a "Warranty Expired" interrupt.
Thank you Thank you Thank you!
On Thursday, June 19, 2003, at 09:46 AM, Andreas Raab wrote:
Hi Guys,
I had recently the need to review the download and installation of Squeak on various platforms and to be honest - it's a mess. If you try to find your way around Squeak.org's download area you get lost so incredibly fast, it's amazing that some people manage to get Squeak anyways.
Since I know that all of you are busy, I've done some work on it.
I like this so much I edited the page a little in the hope of making it even better. I even got carried away and did a small sweep to cleanup some of the VM/VMMaker related pages.
I think the platforms really ought to be listed in alphabetical order though.
tim -- Tim Rowledge, tim@sumeru.stanford.edu, http://sumeru.stanford.edu/tim Computer possessed? Try DEVICE=C:\EXOR.SYS