Comments (4)
The issues that seem related to this are #6 and #10 .
This seems like it's referring to two different things:
- A separate, offline installation story
- Integrity checking and establishing trust
The reason that I haven't been looking at the offline point is because software distributed these days needs to have an updating story, and the updating system implies an online packaging system, and once that exists an installer consuming it is very natural. Put another way, if the same bits happened to be installed via some other mechanism, there'd still be an online updating component that has all of the flaws it currently does.
Since Yori has no registry entries or similar, copying it to a new machine is just about copying the files. There needs to be one Internet connected machine to download content either way.
In terms of establishing trust, I'd fully admit that what exists today is deficient. Establishing trust with an online updater seems like it can't be done with hashes, because the hashes of a new version are unknown, and if they can be communicated in a tamper proof fashion they wouldn't be needed because the update could be communicated directly via that mechanism. What I'd been assuming is the real solution for integrity checking in an online world is a form of digital signature that can enforce same-origin, so that any new version can be attested to come from the same source as the previous version. Once that is done, TLS is redundant, and the only remaining issue is establishing trust of the stub installer. That said, I've been looking into other areas and am happy to accept contributions.
The reason for not using github to host the online repository is because it is accessed by client software, it forms part of an API, so the repository needs to be in a specific form that can be guaranteed to exist in a compatible form for a long time. It seems easier to do this with a full VM host and long-lived DNS entry, because I can promise to make it work for a decade, whereas I cannot promise that a third party service will exist in unmodified form on that kind of timescale.
I'd suggest though that online installation and online updating are becoming expected features for software, and I'd encourage you to consider how to solve issues within the realm of the online installer rather than trying to push the updating problem to the user. My life would be a lot easier if updating was a user problem, but that doesn't seem to be where things are going.
from yori.
Apologies for the late reply!
My short response: I think it is still a useful thing to add a binary release here on GitHub.
In more details:
I agree that keeping software updated is almost always a good thing, but you there are a few problems of requiring an online installer:
- You may not have an internet connection at installation time.
- Not all machines have (or should have) an internet connection. You should be able to take a full installer with you to another machine using a USB stick or something similar.
- The problem with the lack of TLS on your site is not just MITM, there is also passive snooping on the contents.
- Even with TLS, a connection to you site is in itself a point of identification, as opposed to something as popular as GitHub.
- This is a secondary distribution method for those who need it. You can choose not to mention it on you site or in the ReadMe here and even put a warning to discourage it in favor of the main update mechanism. If the user has a reason to use this other method, I think you should allow it.
Establishing trust with an online updater seems like it can't be done with hashes, because the hashes of a new version are unknown, and if they can be communicated in a tamper proof fashion they wouldn't be needed because the update could be communicated directly via that mechanism.
You can put the hashes on GitHub. It would be less likely for someone to compromise both your site and your GitHub account.
The reason for not using github to host the online repository is because it is accessed by client software, it forms part of an API, so the repository needs to be in a specific form that can be guaranteed to exist in a compatible form for a long time. It seems easier to do this with a full VM host and long-lived DNS entry, because I can promise to make it work for a decade, whereas I cannot promise that a third party service will exist in unmodified form on that kind of timescale.
You don't have to use GitHub to host the installer-accessed repository. Just a copy of the binaries for those who need it.
from yori.
- You may not have an internet connection at installation time.
- Not all machines have (or should have) an internet connection. You should be able to take a full installer with you to another machine using a USB stick or something similar.
This should work today. See things like "ypm -download-stable". Obviously you need some internet connection somewhere at some time, but you can install many machines from it. Note also that ysetup.exe looks for packages in a subdirectory by default which was done to allow USB/ISO installation. See SetupLocalPathsToCheck .
- The problem with the lack of TLS on your site is not just MITM, there is also passive snooping on the contents.
This is saying that you trust me to know that you downloaded it, but don't trust your ISP.
- Even with TLS, a connection to you site is in itself a point of identification, as opposed to something as popular as GitHub.
This is saying that you don't trust me but do trust GitHub/Microsoft.
Obviously people are free to decide who they do and do not trust. Note that in terms of source code, you can download it from either my server or GitHub, and after that me/GitHub/Microsoft/your ISP have no idea what you choose to do next.
You can put the hashes on GitHub.
You don't have to use GitHub to host the installer-accessed repository.
These two things directly contradict each other. If the installer needs to talk to GitHub, it becomes part of the API. I'm treating GitHub as a useful place to host the code where other people can see it and contribute to it, but if it disappears tomorrow, the code still moves forward.
The real point is, this is MIT licensed code. I'm going to keep trying to ensure the online installer meets as many needs as it can, and if others would prefer to build their own binaries and/or distribute my binaries in some other way, they are certainly free to do so.
from yori.
- Even with TLS, a connection to you site is in itself a point of identification, as opposed to something as popular as GitHub.
This is saying that you don't trust me but do trust GitHub/Microsoft.
No! I trust you enough to run your code on my machine! I trust that GitHub won't change your code or releases.
I mean behavioral tracking. Accessing niche websites helps identify a user across IPs or even countries as opposed to connecting to GitHub and SourceForge. It is not the end of the world, just a point I was making.
Obviously people are free to decide who they do and do not trust. Note that in terms of source code, you can download it from either my server or GitHub, and after that me/GitHub/Microsoft/your ISP have no idea what you choose to do next.
I wish I was skilled enough to do that!
You can put the hashes on GitHub.
You don't have to use GitHub to host the installer-accessed repository.These two things directly contradict each other. If the installer needs to talk to GitHub, it becomes part of the API. I'm treating GitHub as a useful place to host the code where other people can see it and contribute to it, but if it disappears tomorrow, the code still moves forward.
I meant putting the hashes as a helpful addition, not make it part of a new delivery method to replace the current one. Many many developers release their programs on GitHub with checksums, even if they have their own website which also has the downloads.
The real point is, this is MIT licensed code. I'm going to keep trying to ensure the online installer meets as many needs as it can, and if others would prefer to build their own binaries and/or distribute my binaries in some other way, they are certainly free to do so.
I didn't mean to antagonize you. It was just a request. Sorry if I came across as demanding.
from yori.
Related Issues (20)
- Ctrl-C stops working after terminating GUI app once HOT 5
- Provide all installer options as command line arguments HOT 2
- Allow for a custom starting directory HOT 2
- Command line length limit in Yori ? Like 8191 in cmd ? HOT 2
- Implement long path pseudo current directory HOT 4
- Broken alias command for paths with spaces HOT 2
- Feature request: Option in Tee to remove color HOT 2
- yori's lsof breaks react-scripts HOT 3
- Yori installer for the arm64 Windows HOT 4
- current version -- 2.0 is marked as infected with a trojan by Windows Defender HOT 3
- yenv: accept variable from stdin HOT 4
- "cab.exe -s -u" does not overwrite files with read-only and system attributes set HOT 2
- "ycopy.exe -p" raises ERRORLEVEL to 1 if there is nothing to overwrite HOT 1
- Can't run Notepad HOT 2
- YoriInit.ys1 script %__APPDIR__% and %__CD__% environment variables on Windows XP HOT 2
- throw er; // Unhandled 'error' event HOT 2
- fail to install yori-core on amd HOT 2
- If ErrorLevel / Is Yori Elevated ? HOT 20
- yhash not supported in Windows XP HOT 4
- Scrolling with mouse wheel in Windows Terminal isn't working unless you hold down Shift while scrolling HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yori.