Posted to dev@flex.apache.org by "Bertrand Delacretaz (JIRA)" <ji...@apache.org> on 2012/08/31 16:36:08 UTC
[jira] [Created] (FLEX-33188) InstallApacheFlex downloads binaries,
requires warnings
Bertrand Delacretaz created FLEX-33188:
------------------------------------------
Summary: InstallApacheFlex downloads binaries, requires warnings
Key: FLEX-33188
URL: https://issues.apache.org/jira/browse/FLEX-33188
Project: Apache Flex
Issue Type: Bug
Components: Installer
Reporter: Bertrand Delacretaz
IIUC InstallApacheFlex automatically downloads Flex binaries (FLEX-33187).
As the ASF does not release binaries [1], I think the installer needs to warn its users that they should get the source code instead if they want an ASF release.
[1] Search for "binar" at http://www.apache.org/dev/release.html for more info
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13451905#comment-13451905 ]
Bertrand Delacretaz commented on FLEX-33188:
--------------------------------------------
Thanks - I think it would be better to have a general page with explanations about how binaries are handled, also as a way to make sure PPMC members understand the issues, I'll write to the dev list about that.
> InstallApacheFlex downloads binaries, requires warnings
> -------------------------------------------------------
>
> Key: FLEX-33188
> URL: https://issues.apache.org/jira/browse/FLEX-33188
> Project: Apache Flex
> Issue Type: Bug
> Components: InstallApacheFlex
> Reporter: Bertrand Delacretaz
> Assignee: OmPrakash Muppirala
> Fix For: InstalApacheFlex 1.0
>
>
> IIUC InstallApacheFlex automatically downloads Flex binaries (FLEX-33187).
> As the ASF does not release binaries [1], I think the installer needs to warn its users that they should get the source code instead if they want an ASF release.
> [1] Search for "binar" at http://www.apache.org/dev/release.html for more info
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13451830#comment-13451830 ]
Bertrand Delacretaz commented on FLEX-33188:
--------------------------------------------
Sorry, I shouldn't have mixed two issues here, let's discuss the digests thing in FLEX-33195.
My concern about an explanations page about binaries hasn't been addressed so far.
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13451838#comment-13451838 ]
Bertrand Delacretaz commented on FLEX-33188:
--------------------------------------------
IIUC the installer http://incubator.apache.org/flex/installer.html is also meant to download binaries, needs the same kind of warnings.
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13452800#comment-13452800 ]
Bertrand Delacretaz commented on FLEX-33188:
--------------------------------------------
Looks good to me, thanks: the "disclaimer" link in the installer at http://incubator.apache.org/flex/installer.html links to http://incubator.apache.org/flex/installerbadge/disclaimer.html which in turn links to http://incubator.apache.org/flex/about-binaries.html
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Bertrand Delacretaz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446013#comment-13446013 ]
Bertrand Delacretaz commented on FLEX-33188:
--------------------------------------------
I think that would be fine, that could be just a link to an explanations page at http://incubator.apache.org/flex/ with a title like "about Flex binaries" or something like that.
BTW, does the installer check digests or signatures of what it downloads? If it does not, that creates a very open backdoor...
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Erik de Bruin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13451869#comment-13451869 ]
Erik de Bruin commented on FLEX-33188:
--------------------------------------
The installer BADGE utility, which simply downloads the INSTALLER binary to the user's machine, isn't an (official) release and can be found on [1] and [2] has a 'disclaimer' link opening this page:
http://incubator.apache.org/flex/installerbadge/disclaimer.html
The installer APPLICATION, the source of which is an official release, includes a 'disclaimer' button on its UI which opens this page:
http://incubator.apache.org/flex/installer.html
I've updated these files to reflect various concerns about information about binaries and official releases.
1: http://incubator.apache.org/flex/installer.html
2: http://incubator.apache.org/flex/usingthebadge.html
[jira] [Assigned] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Erik de Bruin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erik de Bruin reassigned FLEX-33188:
------------------------------------
Assignee: OmPrakash Muppirala
[jira] [Resolved] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "OmPrakash Muppirala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
OmPrakash Muppirala resolved FLEX-33188.
----------------------------------------
Resolution: Fixed
Erik added this page: http://incubator.apache.org/flex/about-binaries.html
I think this should suffice. Please re-open if you think this needs more work.
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "Erik de Bruin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13446009#comment-13446009 ]
Erik de Bruin commented on FLEX-33188:
--------------------------------------
Can this warning be 'behind' a link which is clearly visible in the application? We don't want to discourage the user too much from using this tool...
[jira] [Commented] (FLEX-33188) InstallApacheFlex downloads
binaries, requires warnings
Posted by "OmPrakash Muppirala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FLEX-33188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13450921#comment-13450921 ]
OmPrakash Muppirala commented on FLEX-33188:
--------------------------------------------
Yes, the app checks the .md5 hash and verifies the downloaded flex sdk binary. If the hash does not match, the installation is aborted.
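The digest check discussed in this thread, sketched as an added example (not code from InstallApacheFlex or the Flex project): it parses an .md5 sidecar file, aborts on mismatch, and shows what changes when a digest obtained over a separate trusted channel is checked as well. The function names, the `pinned_sha512` parameter and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re

class DigestMismatch(Exception):
    """Raised so the caller can abort the installation."""


def parse_sidecar(text, hex_len):
    """Pull the hex digest out of the usual sidecar layouts:
    'HEX', 'HEX  file', 'MD5(file)= HEX' and 'file: HH HH HH ...'."""
    tokens = text.split()
    candidates = tokens[:1]
    tail = re.split(r"[=:]", text)[-1]
    candidates.append(re.sub(r"\s+", "", tail))
    for cand in candidates:
        if re.fullmatch(r"[0-9a-fA-F]{%d}" % hex_len, cand):
            return cand.lower()
    # An empty file or an HTML error page lands here: fail closed.
    raise ValueError("sidecar holds no well-formed digest")


def verify(payload, sidecar_text, algorithm="md5"):
    """Return True when payload matches the sidecar, else raise."""
    h = hashlib.new(algorithm, payload)
    expected = parse_sidecar(sidecar_text, h.digest_size * 2)
    if not hmac.compare_digest(h.hexdigest(), expected):
        raise DigestMismatch("digest mismatch, aborting installation")
    return True


def install(payload, sidecar_text, pinned_sha512=None):
    """Hypothetical installer step (assumed name and parameters)."""
    try:
        verify(payload, sidecar_text, "md5")
        # Optional second check against a value from a trusted channel.
        if pinned_sha512 is not None:
            verify(payload, pinned_sha512, "sha512")
    except (DigestMismatch, ValueError) as err:
        return "aborted: %s" % err
    return "installed"


# Constructed sample data, not real Flex SDK content.
GOOD = b"constructed sdk archive bytes"
GOOD_MD5 = "MD5(sdk.zip)= " + hashlib.md5(GOOD).hexdigest()
GOOD_SHA512 = hashlib.sha512(GOOD).hexdigest()
ALTERED = GOOD + b"!"
ALTERED_MD5 = hashlib.md5(ALTERED).hexdigest() + "  sdk.zip"
```

A sidecar served from the same location as the archive catches corruption in transit, but if both files are changed together only the separately obtained digest (or a signature) makes `install` abort.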