[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Strange download link on the web page [was: Re: Subversion 1.10.2 Checksum (SHA512)]

From: Branko Čibej <brane_at_apache.org>
Date: Sat, 22 Sep 2018 16:59:50 +0200

On 22.09.2018 16:43, Daniel Shahaf wrote:
> Branko Čibej wrote on Sat, 22 Sep 2018 16:29 +0200:
>> On 22.09.2018 16:22, Branko Čibej wrote:
>>> On 22.09.2018 16:13, Daniel Shahaf wrote:
>>>> Please don't download the artifacts from www*.apache.org but from a
>>>> mirror. I think there is a redirector CGI somewhere that automatically
>>>> redirects you to a mirror close to you, but I can't find it :(
>>> http://subversion.apache.org/download.cgi
>>> Linked from our main page.
>> [The original thread is on users@]
>> I just noticed that when I click the 'Source Download' link in the
>> navigation tab on our web page, I get:
>> http://subversion.apache.org/download.cgi?update=201708081800
>> instead of plain
>> http://subversion.apache.org/download.cgi
>> Can anyone remember why that is? It seems wrong, and also doesn't appear
>> to do anything, since the page contents and especially download links
>> appear to be the same in both cases.
>> It was done in r1804690, the log message is:
>> Release Subversion 1.9.7 with a fix for CVE-2017-9800.
>> So it's possible that we forgot to clean that up after the security fix
>> release ... and also that the ?update= parameter doesn't appear to work
>> properly (any more).
> The ?update= parameter is used to only offer mirrors that have synced
> after the specified YYMMDDhhmm date. We use it after a security release when
> the email announcement is less than 24 hours after the upload to /dist/release,
> in order to prevent offering mirrors that don't carry the just-released artifacts.
> The reason the parameter seems to have no effect is that the threshold
> date it sets is over a year ago, and all mirrors have update since then,
> so it excludes no mirrors from the list.
> Yes, we can remove it now.. but, frankly, I'd rather keep it, so we
> don't have to look up the syntax the next time we need it. It sounds like
> we could add a comment, though.

Good idea; r1841687.

-- Brane
Received on 2018-09-22 16:59:59 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.