Question Regarding Download URL in src/winetricks Script
milamer opened this issue
Hi,
I've been viewing another project wine-dependency-hell-solver and found a weird download link:
https://www.ddsystem.com.br/update/setup/vb6+sp6/VS6SP6.EXE
I asked the developer here and he linked me to your project which uses the same URL to download the file. See
Line 13271 in 3832928
This URL seems a bit suspicious to me. Could you please provide more context or rationale behind choosing this source? Specifically, I am concerned about the security and legitimacy of this file.
Are there any checks or verifications done to ensure the integrity and safety of this download?
Thank you!
Chris
Given that it was 3 years ago, my memory is fuzzy, but I think I had archive.org in mind because I made several commits around that time that DID use archive.org:
d3ca43c
2b04c2b
0669aa6
c9e31ea
c4c4f74
That said, I did mess up a second commit message, in 8a29d2a.
I agree the site seems questionable, but the sha256sum matches, and AFAIK sha256 isn't compromised. While archive.org seems 'safer', it's also flaky at times, so I preferred the more stable website.
Until/unless I find a stable place to host redistributable binaries (#1696), this seems like the most stable solution.
Depends on your view of 'better'. As I said, archive.org is more reputable, but can be unstable. The binary is the same (sha256 matches).
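The integrity check discussed in this thread, as an added example that is not part of the issue and is not winetricks code: a file is accepted only if it matches a pinned SHA-256, whichever source served it. The function names are hypothetical, the sources are constructed local files, and `cp` stands in for the download so the sketch runs offline.

```shell
#!/bin/sh
# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# fetch_verified EXPECTED_SHA256 DEST SOURCE...
# Tries each source in order and keeps the first copy whose digest matches
# the pinned value. Returns 0 on success, 1 if no source matched.
fetch_verified() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    dest=$2
    shift 2
    tmp="$dest.part"
    for src in "$@"; do
        # Assumption: sources are local paths, so cp replaces the real
        # download command (for example curl -fL -o "$tmp" "$src").
        if ! cp "$src" "$tmp" 2>/dev/null; then
            echo "unavailable: $src" >&2
            continue
        fi
        actual=$(sha256_of "$tmp")
        if [ "$actual" = "$expected" ]; then
            # Only a verified file ever appears under its final name.
            mv "$tmp" "$dest"
            echo "verified: $src" >&2
            return 0
        fi
        echo "sha256 mismatch from $src: got $actual" >&2
        rm -f "$tmp"
    done
    return 1
}

# Demo on constructed files: a missing source, an altered copy, a good copy.
demo_dir=$(mktemp -d)
printf 'constructed installer bytes\n' > "$demo_dir/good.bin"
printf 'constructed altered bytes\n' > "$demo_dir/altered.bin"
pin=$(sha256_of "$demo_dir/good.bin")
fetch_verified "$pin" "$demo_dir/out.bin" \
    "$demo_dir/missing.bin" "$demo_dir/altered.bin" "$demo_dir/good.bin"
```

The pinned digest only proves the download is the same bytes that were hashed when the value was recorded; it says nothing about whether that original file was trustworthy.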