MS windows and gnupg
Robert J. Hansen
rjh at sixdemonbag.org
Sat Sep 17 10:33:54 CEST 2011
On 9/17/2011 3:51 AM, M.R. wrote:
> I agree with you to some extent. I also happen to believe there are
> ways of tamper-resistant distribution of binaries that require the
> trust in the application provider and no one else; at least not
> someone else in the distribution channel. In addition, the ability
> of an average end-user to inspect the source is long gone.
This is why we have code signing. Solved problem. (You can argue that
GnuPG should distribute Authenticode-signed Windows binaries, and there
might be some merit to that argument: but the existing setup of MD5
hashes and GnuPG signatures posted for releases serves the same purpose.)
> I firmly believe this is quite different cattle of fish from
> ~application distribution~.
App distribution should be as an installer package appropriate for the
OS in question, which GnuPG does via NSIS. Again, I don't see the problem.
Code distribution should be as a build environment that can be used
without undue effort by a modestly skilled programmer. Again, I don't
see the problem with Autotools: I've yet to meet a Windows C/C++
developer who was unable to get MinGW set up, especially since MinGW
moved to a much more convenient installer model.
> This situation calls for simple shell scripts and not makefiles.
Oh, *hell* no. Forgive my visceral reaction there, but whenever anyone
suggests going back to the bad old days I get a case of the flaming,
Quoting John Calcote's excellent Autotools book:
"Originally, configuration scripts were hand-coded shell
scripts designed to set variables based on platform-specific
characteristics. They also allowed users to configure
package options before running make. This approach worked
well for decades, but as the number of Linux distributions
and custom Unix systems grew, the variety of features and
installation and configuration options exploded, so it became
very difficult to write a decent portable configuration
script. In fact, it was much more difficult to write a
portable configuration script than it was to write Makefiles
for a new project. ...
In the early 1990s it was apparent to many open-source
developers that project configuration would become painful
if something wasn't done to ease the burden of writing
massive shell scripts to manage configuration options. The
number of GNU project packages had grown to hundreds, and
maintaining consistency between their separate build systems
had become more time consuming than simply maintaining the
code for these projects. These problems had to be solved."
John is a dinosaur, in the best possible sense of the word: he remembers
the bad old days of "simple shell scripts" driving builds, and he
remembers how they turned into complex, unportable messes. This was one
of the major driving forces behind the development of modern build
systems. Let's not turn back the clock on progress.
More information about the Gnupg-users