On 10/10/14, 10:07 PM, "Justin Mclean" <jus...@classsoftware.com> wrote:
>Hi, > >> The installer currently downloads the zip or tar.gz from dist/mirror and >> then downloads the md5 from dist. > >How does that work on linux? You assuming that the install script can't >do a MD5 check and they must do it manually? Well yes. You go to our site to download the binary tar.gz or zip. You should verify it yourself, but if you don¹t, if you can unzip/untar it and find an installer.xml file, it pretty much has to be ok. > >> it runs the script, which might choose to checksum any otherdownloads. > >How it that possible to release unless you modify the installer files >after you vote and deploy? The main package that contains installer.xml is not checksummed by the installer.xml. The installer does that or as I explained above, the Linux user does it or assumes it is good if it unzips/untars cleanly. All other dependency downloads don¹t affect the checksum on the main package, although we now can override most of them via .properties files on flex.a.o. -Alex
