|cp1134||is there anything in particular you have to do to have a recodring apply to a visually selected region?|
|day_sleeper||Are there any cryptographic signatures for the windows installer or the source code?|
Or downloads with ssl?
|calmar||day_sleeper: cvn or what vim uses, it not sure enough?|
|day_sleeper||calmar: Sorry, I don't understand what you mean. :)|
|calmar||day_sleeper: you want to make sure, you download from a 'secure' place?|
(getting the 'original' or so?)
|day_sleeper||calmar: Yes, exactly. You know (maybe) there are some discussion about the "Bundestrojaner" here in germany. Some politivans want to change law so they can force the ISPs to inject arbitrary code in downloads and suchs things.|
And I'm quite sure however they want to do it, it can also be exployted.
It would be nice if there were some signatures or signed md5/sha1 files like e. g. it is be done with firefox.
|yuriks||day_sleeper: wow that sucks|
day_sleeper: be sure to make a bunch of China and Internet related posters and put them around the city
|day_sleeper||Yeah luckily there are demos and such against this. Some other politicans also say, the others seem mentally disordered. :)|
|calmar||day_sleeper: from what I understand, only some developers can produce and upload those binaries < protected with a password so.|
|day_sleeper||But independant of that discussion, "normal" man-in-the-middle attacks are possible w/o signed checksums or suchs.|
but then I just think "who the fuck would bother with me?" and go on =]
|calmar||day_sleeper: well, when you're really interested, may post your concerning also at the vim mailing list. there you might get quite some answers..|
|day_sleeper||I searched the mailinglist a bit if Bram sends out checksome or something in his announcements, but he doesn't it seems.|
calmar: Yeah, I should do that it seems.
|yuriks||day_sleeper: they could just alter the checksum too you know|
|calmar||when you ask there, he might reply you why etc. yeah. you may should|
|day_sleeper||yuriks: Yes, when they are not signed. If signed the probabilty it is forged is arbitrary small.|
|calmar||i guess it would have get signed with gpg or so. that would be quite save.|
but i'm sure they will tell you some reasons...
|day_sleeper||calmar: What is signed?|
|calmar||or will do it in the future|
|day_sleeper||Maybe there was just not enough awareness of this?|
|calmar||who knows. maybe|
I would guess, they thought about that already so.
md5sum is good for checking if the download is ok, not much more.
|Eucal||say, how do I say "find 'string' in file, but don't search comment lines" ?|
|calmar||[^#].*string or similar|
|day_sleeper||Eucal: Tune your regex so will be no comment seperator before the string?|
It's important that is it anchored at the beginning then.