Re: [sage-devel] Re: Tarball uploads

2015-08-27 Thread John Cremona
On 27 August 2015 at 15:33, Volker Braun wrote: > On Thursday, August 27, 2015 at 10:22:23 AM UTC-4, John Cremona wrote: >> >> How would I know that it had finished? After selecting the file it goes >> back to the "choose file" page with no apparent change and nothing >> happening. >> > > You ca

Re: [sage-devel] Re: Tarball uploads

2015-08-27 Thread Volker Braun
On Thursday, August 27, 2015 at 10:22:23 AM UTC-4, John Cremona wrote: > > How would I know that it had finished? After selecting the file it goes > back to the "choose file" page with no apparent change and nothing > happening. > You can upload multiple files, so it's by design that you can cho

Re: [sage-devel] Re: Tarball uploads

2015-08-27 Thread John Cremona
On 27 August 2015 at 15:13, Volker Braun wrote: > Hmm it did not work for you. Maybe you didn't wait long enough for the > upload to finish? The site will show you the SHA1 and download link ( > http://fileserver.sagemath.org:8080/api/v1/pkg/download/77f404be91fd605f6220a1411912f578c8947c50) > wh

Re: [sage-devel] Re: Tarball uploads

2015-08-27 Thread Volker Braun
Hmm it did not work for you. Maybe you didn't wait long enough for the upload to finish? The site will show you the SHA1 and download link (http://fileserver.sagemath.org:8080/api/v1/pkg/download/77f404be91fd605f6220a1411912f578c8947c50) when it's finished. I just tried with Firefox and it work

[sage-devel] Re: Tarball uploads

2015-08-27 Thread Volker Braun
The problem with the file name is that it can be wrong, so you'd have to be able to remove/overwrite previously-used names. Whereas the SHA1 is always correct and really is all that is needed to download the file from the Sage build scripts. On Wednesday, August 26, 2015 at 10:42:44 PM UTC-

Re: [sage-devel] Re: Tarball uploads

2015-08-27 Thread John Cremona
On 27 August 2015 at 09:16, John Cremona wrote: > > > On 27 August 2015 at 03:42, Dan Drake wrote: > >> On Saturday, August 8, 2015 at 12:22:18 PM UTC-7, Volker Braun wrote: >>> >>> In order to streamline updating third-party tarballs I've written a >>> small web app where you can directly uploa

Re: [sage-devel] Re: Tarball uploads

2015-08-27 Thread John Cremona
On 27 August 2015 at 03:42, Dan Drake wrote: > On Saturday, August 8, 2015 at 12:22:18 PM UTC-7, Volker Braun wrote: >> >> In order to streamline updating third-party tarballs I've written a small >> web app where you can directly upload them. That way you don't need to host >> files yourself. Pl

[sage-devel] Re: Tarball uploads

2015-08-26 Thread Dan Drake
On Saturday, August 8, 2015 at 12:22:18 PM UTC-7, Volker Braun wrote: > > In order to streamline updating third-party tarballs I've written a small > web app where you can directly upload them. That way you don't need to host > files yourself. Plus, the files can be retrieved by sha1 so with a li

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Michael Orlitzky
On 08/10/2015 11:34 AM, Vincent Delecroix wrote: > > Let me propose something less stupid: the first time you access a > website you have to accept the certificate manually (if you wish you can > have a look at the fingerprint). Then, until it changes nothing happens > (the very same way ssh

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Michael Orlitzky
On 08/10/2015 08:38 AM, Volker Braun wrote: > On Monday, August 10, 2015 at 11:42:16 AM UTC+2, vdelecroix wrote: > > I agree with you: from a technical point of view this is stupid. > > > It is not. There is no security without the chain of trust. Maybe in a > parallel universe where everybo

[sage-devel] Re: Tarball uploads

2015-08-10 Thread Dima Pasechnik
an alternative might be to use github - package maintainers can create tarballs via github release creation. On Saturday, 8 August 2015 20:22:18 UTC+1, Volker Braun wrote: > > In order to streamline updating third-party tarballs I've written a small > web app where you can directly upload them.

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread mmarco
Precisely. The way http works is strictly less secure than the most insecure HTTPS scenario. If I wanted to mitm some HTTPS connection, I wouldn't do so by redirecting the victim to a fake HTTPS web page, but to a fake http one. The lack of warnings from the browser would make such an attack go

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Volker Braun
On Monday, August 10, 2015 at 7:10:43 PM UTC+2, mmarco wrote: > > What I meant is that it doesn't make any sense to show a scary warning in > the case of "encrypted but not verified" pages, but don't show any warning > in the case of "neither encrypted nor verified" plain http pages. The > secon

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Volker Braun
On Monday, August 10, 2015 at 5:34:49 PM UTC+2, vdelecroix wrote: > > Moreover, who can be a certificate authority? There is always google if you want to know the requirements for a CA. Your proposal would result in daily "new certificate" warnings as you browse to new web pages and/or certifica

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread mmarco
What I meant is that it doesn't make any sense to show a scary warning in the case of "encrypted but not verified" pages, but don't show any warning in the case of "neither encrypted nor verified" plain http pages. The second is strictly less secure than the first... yet the browser induces the

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Vincent Delecroix
On 10/08/15 14:38, Volker Braun wrote: On Monday, August 10, 2015 at 11:42:16 AM UTC+2, vdelecroix wrote: I agree with you: from a technical point of view this is stupid. It is not. There is no security without the chain of trust. Maybe in a parallel universe where everybody is so far on the

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Volker Braun
On Monday, August 10, 2015 at 11:42:16 AM UTC+2, vdelecroix wrote: > > I agree with you: from a technical point of view this is stupid. > It is not. There is no security without the chain of trust. Maybe in a parallel universe where everybody is so far on the autistic spectrum that they religio

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread Vincent Delecroix
On 10/08/15 11:32, mmarco wrote: I really don't understand why browsers show a scary warning when you try to connect a web page by https with an untrusted certificate... Do you? A certificate authority makes money from selling certificates. They use a lot of energy in forcing browser develope

Re: [sage-devel] Re: Tarball uploads

2015-08-10 Thread mmarco
Even without checking the certificate, https is more secure than plain http. Of course you are vulnerable to MITM attacks (just as you are with http), but at least you are secure from passive attacks. I really don't understand why browsers show a scary warning when you try to connect a web page b

Re: [sage-devel] Re: Tarball uploads

2015-08-09 Thread Michael Orlitzky
On 08/09/2015 07:09 AM, Volker Braun wrote: > Yes, though we don't have a certificate for *.sagemath.org. Besides the > cost, you also need to periodically renew etc. Though I'm hoping that > Let's Encrypt (https://letsencrypt.org) will fix that. Launching this > September... Just use a self-signe

[sage-devel] Re: Tarball uploads

2015-08-09 Thread Volker Braun
Yes, though we don't have a certificate for *.sagemath.org. Besides the cost, you also need to periodically renew etc. Though I'm hoping that Let's Encrypt (https://letsencrypt.org) will fix that. Launching this September... On Sunday, August 9, 2015 at 12:57:50 PM UTC+2, mmarco wrote: > > I t

[sage-devel] Re: Tarball uploads

2015-08-09 Thread mmarco
I think that, since it involves sending login information, it should use https instead of http. On Saturday, August 8, 2015, 21:22:18 (UTC+2), Volker Braun wrote: > > In order to streamline updating third-party tarballs I've written a small > web app where you can directly upload them. Th