Hi,

I've been viewing another project wine-dependency-hell-solver and found a weird download link:

https://www.ddsystem.com.br/update/setup/vb6+sp6/VS6SP6.EXE

I asked the devloper here and he linked me to your project which uses the same url to download the file. See

This URL seems a bit suspicious to me. Could you please provide more context or rationale behind choosing this source? Specifically, I am concerned about the security and legitimacy of this file.

Are there any checks or verifications done to ensure the integrity and safety of this download?

Thank you!

Chris

The site does look a bit odd, considering it was supposedly changed to "use archive.org for download" in 74ad00c [1], but the sha256sum does seem to be correct still though, so it /should/ probably be safe¿

1. 74ad00c

Given that it was 3 years ago, my memory is fuzzy, but I think I had archive.org in mind because I made several commits around that time that DID use archive.org:
d3ca43c
2b04c2b
0669aa6
c9e31ea
c4c4f74

That said, I did mess up a second commit message, in 8a29d2a.

I agree the site seems questionable, but the sha256sum matches, and AFAIK sha256 isn't compromised. While archive.org seems 'safer', it's also flaky at times, so I preferred the more stable website.

Until/unless I find a stable place to host redistributable binaries (#1696), this seems like the most stable solution.

https://web.archive.org/web/20160222035203/http://download.microsoft.com/download/1/9/f/19fe4660-5792-4683-99e0-8d48c22eed74/Vs6sp6.exe

Is this better?

Depends on your view of 'better'. As I said, archive.org is more reputable, but can be unstable. The binary is the same, (sha256 matches).