-
john_r365[m]
Ok, just to slightly further that conversation from a few days ago. We had said that the server housing the binaries for CLI/GUI/RPC etc. is high risk. Malicious use of it could lead to binaries that swindle users funds.... (full message at
libera.ems.host/_matrix/media/r0/do…63bb6d7273d434471563c91a1e120cd85cc)
-
john_r365[m]
On the new domain, some content could be created (maybe a banner?) to make people specifically aware that they should continue to download binaries from getmonero.org - as that's the only trusted source
-
john_r365[m]
Thoughts fluffypony ?
-
ErCiccione
john_r365: could be a good solution. If there is enough interest i would open an issue on github. Easier to track and not lose it
-
selsta
I honestly don't understand the suggestion.
-
selsta
The only save way is if users check hashes + signature.
-
selsta
safe*
-
selsta
In my opinion if costs become an issue we should use Github for hosting binaries. They offer a free CDN for open source projects.
-
selsta
(We already upload the binaries to Github)
-
selsta
As for the website, it's a static website. It shouldn't be too difficult to find a host for it. Github Pages, Netlify, ...
-
selsta
This should be significantly less expensive. Also I'm skeptical that this would be a significantly less secure solution.
-
selsta
Plus it would mean that we don't have to do maintenance ourselves.
-
selsta
The only thing we would have to check is if Github CDN is available from China, as that was one of the reasons to use our own.
-
selsta
^ suggestion is for when costs + finding someone for maintaining becomes an issue
-
moneromooo
FWIW I have this GUI program that downloads and checks signatures from the gitian repo. I suspect noone knows about it beyond a dozen people. Others have made similar programs as well. They make checking signatures idiot proof (I think).
-
moneromooo
Does require a connection to github though, for access to the gitian repo.
-
john_r365[m]
<moneromooo> "FWIW I have this GUI program..." <- Could you share more details of this?
-
john_r365[m]
<selsta> "I honestly don't understand..." <- To clarify…... (full message at
libera.ems.host/_matrix/media/r0/do…8895b3f40847fe22cf7b09a49992102417e)
-
selsta
Github pages wouldn't support Tor.
-
john_r365[m]
Ok
-
carrington[m]
My recent ramblings seem relevant here:
-
carrington[m]
-
carrington[m]
Basically: torrents good
-
carrington[m]
If "everything except downloads" was a separate (less secured) website, people would be encouraged in that scenario to verify the signatures (e.g. moo's tool) and/or check that the magnet link they are using matches what is posted widely by multiple trusted people
-
moneromooo
-
fluffypony
selsta: john_r365[m] is arguing for weaker access to the GetMonero server, ie. open it up to more people and keep the downloads secure
-
fluffypony
john_r365[m]: any banner etc. can and will be trivially removed by an attacker
-
fluffypony
getmonero.org is a critical part of the ecosystem, as most people don't even bother checking sigs / hashes
-
fluffypony
we have an obligation to protect and defend that to the best of our ability, even if it introduces some inconvenience
-
selsta
yea, if the website is insecure it doesn't matter how secure the download server is
-
john_r365[m]
Fluffypony: thanks for the reply
-
john_r365[m]
For clarity, I’m just trying to brainstorm a way to move past the current status quo
-
john_r365[m]
I’m not wedded to any single solution for that