>From what I understand, that app does verify the MD5 of the downloaded files from mirrors -- so in effect, it is verifying that the downloads are authentic enough that they are "singed" by us.
I don't believe the Adobe downloads are signed, nor are MD5 checked. I don't know if that is of concern, but we don't provide the MD5 checks for those downloads using our normal, manual process. Adobe has the right to update those prerequisites without letting us know, which may cause issues if we do MD5 checking. As far as a notice that files are being downloaded -- that is exactly it. They are being downloaded and extracted. They are not being 'installed' onto the system. Installed in my mind says that binaries are set to be run by the OS, with stuff in the start menu (or applications folder), etc. That is NOT what this utility does. It simply grabs all the prerequisites from the 15 or so locations we require them from, and extracts them in the correct format onto the user's PC. Nothing more happens without the user moving forward. Personally, I'm at the stance that we should get this out the door. It is functioning as expected, and while we could belabor the user to death with 1,000 more warnings, I don't think they need it. -Nick On Wed, Sep 26, 2012 at 4:19 AM, Bertrand Delacretaz <bdelacre...@apache.org > wrote: > Hi, > > On Wed, Sep 26, 2012 at 9:47 AM, Erik de Bruin <e...@ixsoftware.nl> wrote: > > This is starting to feel like the never-ending [VOTE] :( Are all > > releases going to be like this, or will it get better (smoother, less > > frustrating) later on?... > > I understand your frustration, sorry that I didn't notice the > FLEX-33210 problem earlier, but as I said i'm very surprised that no > one else here seems to be bothered by Flex software blindly installing > stuff on user's boxes. > > If it's just my opinion and a few others say that they don't care > about releasing the installer with FLEX-33210 unresolved, I'll accept > that. > > > ...I honestly feel that adding another dialog to the program > > will do nothing to educate the user - after all, who really reads > > them, you click OK and get on with what you came to the installer for, > > downloading the SDK - I see the legal reasoning behind it and agree, > > reluctantly, that it should be included in the software.... > > It's not a legal matter as far as I'm concerned, more a quality issue, > I personally don't want any Apache software to install stuff on user's > boxes without giving them the opportunity to check what's happening > beforeheand. > > > > > Om, if feel an RC6 (!) coming up in the near future... > > Let's see what others think about FLEX-33210 - mentors for example? > > -Bertrand >
