octal-dev
re: re: updates


From: amep
Subject: re: re: updates
Date: Fri Jan 19 19:57:02 2001

There is a step you may want to add: GPG signing the source once it has
been audited. This would allow people to make sure the copy they have
is actually the one which was audited. This is probably not very
important now, but if and when there are mirrors it is possible that
there would be trojan mirrors. Just a thought.

-Arthur

From: David O'Toole <address@hidden>
Subject: re: re: updates
Date: Fri, 19 Jan 2001 19:13:49 -0500 (EST)

> But I am thinking about how a plugin repository would work. Each plugin
> could be identified by two URLs.... something like
> 
> octalmachines.sourceforge.net/getmachine.php?id=mono_delay
> octalmachines.sourceforge.net/infomachine.php?id=mono_delay
> 
> One script delivers some info about the plugin, the other actually echoes
> it to the web browser. So doing "wget" on that first URL could save the
> plugin into a file, and this could also be done on mirrors. 
> 
> There was a discussion a while back about security, having no trojan horse
> plugins. (Not that I think anyone here is doing them of course
> :-) but down the road if this program has many users, it could
> happen.) Grepping for system() and popen() might help, though
> surely people could get around that with preprocessor token pasting. I
> don't remember who mentioned it, he basically said we should have someone
> audit them and read through the source before putting it in the registry or
> one of its mirrors. 
> 
> I think this would make it easy for folks to put up mirrors and such,
> since the registry would just be the plugin.c (or .cc) and a plugin.txt
> info file. Plus those two small PHP scripts to make the URLs work. So if
> you are looking to help out in the realm of web stuff, that would be a big
> help. 
> 
> We already have the octalmachines.sourceforge virtual domain, so I could
> probably just add interested folks to the project. I think this would give
> them web access there to help organize plugins. 
> 
> Is this a completely silly idea, or could it work? 
> 
> -dave

Attachment: pgp8pXY6gDw43.pgp
Description: PGP signature
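The two checks the thread talks about, written out as an added example. This is not octal's code and not something either poster sent; it just shows (a) why grepping plugin.c for system() and popen() is defeated by preprocessor token pasting, as David suspects, and what running the C preprocessor first buys you, and (b) Arthur's detached GPG signature over the audited file, so a copy pulled from a mirror can be checked against the auditors' keys. The sample plugin.c is constructed, and the .sig URL suffix, the keyring path and the gpg/wget/cpp tooling are assumptions, not anything the registry defines.

```shell
#!/bin/sh
# Added example (not octal's code): auditing plugin source by grep is not a
# security check, and how a detached GPG signature over the audited copy works.
set -eu

# Constructed sample plugin that hides a call behind ## token pasting, the
# evasion mentioned in the thread.  No #include so the expanded output stays
# short (in real scans, header declarations would also match the pattern).
write_sample_plugin() {
    f=$(mktemp "${TMPDIR:-/tmp}/mono_delay.XXXXXX")
    cat > "$f" <<'EOF'
#define PASTE(a, b) a##b
#define SHELL PASTE(sys, tem)
int machine_init(void) { return SHELL("id > /tmp/pwned"); }
EOF
    printf '%s\n' "$f"
}

# The naive audit: search the raw source text.  Prints matches, or "clean".
naive_scan() {
    grep -nE '(system|popen)[[:space:]]*\(' "$1" || printf 'clean\n'
}

# Same search after macro expansion: cpp resolves the ## pasting first, so the
# hidden system( call becomes visible.  Still not a proof of safety (dlsym,
# raw syscalls, inline asm all get past it); it only removes one trick.
preprocessed_scan() {
    cpp -P "$1" 2>/dev/null | grep -nE '(system|popen)[[:space:]]*\(' || printf 'clean\n'
}

# Arthur's suggestion: a detached signature made by the auditor over the exact
# bytes that were audited.  Fetch plugin.c and plugin.c.sig (suffix assumed)
# from any mirror and verify against a keyring (absolute path) that holds only
# the auditors' public keys; a modified mirror copy fails verification.
verify_signed_plugin() {
    url=$1; keyring=$2; dest=$3
    wget -q -O "$dest" "$url"
    wget -q -O "$dest.sig" "$url.sig"
    gpg --no-default-keyring --keyring "$keyring" --trust-model always \
        --verify "$dest.sig" "$dest"
}

PLUGIN=$(write_sample_plugin)
echo "naive scan of $PLUGIN:";        naive_scan "$PLUGIN"
echo "preprocessed scan of $PLUGIN:"; preprocessed_scan "$PLUGIN"
```

The naive scan reports the sample as clean; the preprocessed scan shows the system("id > /tmp/pwned") call. verify_signed_plugin is the mirror-side check: it needs network access and an auditors-only keyring, so it is defined but not run here. gpg exits non-zero if the signature is missing, malformed, or made by a key not in that keyring.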

