Open alexnest-ua opened 2 years ago
sivillakonski
commented
2 years ago @alexnest-ua, the way the software like this is being released, it's quite normal to have it with different names since the name contains a version in it. Usually, it's people expect to see what version of software they downloaded.
For example Docker images, almost all the time you would stick to some particular tag, isn't it?
arriven
commented
2 years ago I was actually considering that some time ago but didn't find enough arguments to switch. I think I'll change the naming pattern for now and reevaluate switching back to normal usage once the war ends and we no longer need all those automation things
alexnest-ua
commented
2 years ago @alexnest-ua, the way the software like this is being released, it's quite normal to have it with different names since the name contains a version in it. Usually, it's people expect to see what version of software they downloaded.
For example Docker images, almost all the time you would stick to some particular tag, isn't it?
Fortunately, every day I specially go to your GitHub and check for updates, but what about the many published articles where the version is 0.6.7 and even lower?
I even noticed that you did 3-5 versions in one, so big releases are not done like that ...
I don’t understand at all how you haven’t done auto-update yet, when all other similar programs have done this for a long time
arriven
commented
2 years ago first of all, there is an auto update feature present in the app and you can even enable it with --enable-self-update --restart-on-update. The problem with it is that I don't have resources to test it out properly (it doesn't work on my machine due to my security measurements and there's no sense in doing that from docker). It would be a lot easier to make an external app that would use this project as its attacking core and provide all those fancy UI and auto-update features as I don't have resources or team to do that. The project is completely open though so anyone who has enough experience can do that if they wish so and I would be happy to use my reach to promote that (and more stable versioning would actually be beneficial in that scenario)
Also I feel like auto update is a very easy way to exploit security and I personally would have harder time trusting an app with those capabilities - how can you be sure that I don't go rogue and don't release a new version that would steal all your data or do something similar to peacenotwar module in node-ipc?
alexnest-ua
commented
2 years ago first of all, there is an auto update feature present in the app and you can even enable it with
--enable-self-update --restart-on-update. The problem with it is that I don't have resources to test it out properly (it doesn't work on my machine due to my security measurements and there's no sense in doing that from docker). It would be a lot easier to make an external app that would use this project as its attacking core and provide all those fancy UI and auto-update features as I don't have resources or team to do that. The project is completely open though so anyone who has enough experience can do that if they wish so and I would be happy to use my reach to promote that (and more stable versioning would actually be beneficial in that scenario)Also I feel like auto update is a very easy way to exploit security and I personally would have harder time trusting an app with those capabilities - how can you be sure that I don't go rogue and don't release a new version that would steal all your data or do something similar to
peacenotwarmodule innode-ipc?
1) You where published here https://t.me/itarmyofukraine2022/245 (290k subs), so no one will think that you are a scammer, you have proven it over time 2) Auto-update is very effective and can solve many problems with older versions that didn't work well (of course they won't update themselves, but it can prevent such problems from happening in the future) 3) Thanks for your update with normal names of versions, here are some working links for you to always get the latest versions: Linux: https://github.com/Arriven/db1000n/releases/latest/download/db1000n_linux_amd64.tar.gz Windows: https://github.com/Arriven/db1000n/releases/latest/download/db1000n_windows_amd64.zip Mac M1: https://github.com/Arriven/db1000n/releases/latest/download/db1000n_darwin_arm64.tar.gz Mac Intel: https://github.com/Arriven/db1000n/releases/latest/download/db1000n_darwin_amd64.tar.gz
P.S. Please don't forget not to change the names of the files in the releases in the future.
P.P.S We will try to make you auto-update program, I will report here.
arriven
commented
2 years ago I agree that auto update is a nice feature and that it solves a lot of problems but the main reason that feature is experimental (and not enabled by default) is because I need to heavily tweak my setup to test it. I don't think I would enable it until I find a way to fully test it on CI and right now I'm struggling to come up with an idea of proper automated test for it. Having a separate "launcher" executable that would take care of updates could make it a bit simpler, there's probably a reason why most games use separate launcher to handle updates
As for trustworthiness, I do hope I've made enough to get people's trust but from pure security consideration I'm still an insider threat as it's not that hard to compromise a single person/account (I have security measures in place but you can't know that for sure). Yes, it's probably not something a regular user would be worried about but as someone who is cautious about overall security I think it would be better if people were more aware of such possibilities
dzhonzojdberg
commented
2 years ago You say very clever things, frankly and logically. Thank you for explaining the problem. I would like to make a more significant contribution, but I lack programming skills, but I will try to involve people who can. Whatever it is, remember that you are not alone and do a great job. Thank you!
cyroth
commented
2 years ago If you're happy to handle updates outside of the app, you could try Watchtower for anyone using it via Docker.
Please, make your releases with the same program names, that in auto-scripts, we could just get the latest version from one link (otherwise I'm already tired of always changing it here ...)
For example: https://github.com/disbalancer-project/main/releases/latest/download/launcher-disbalancer-go-client-linux-amd64
All you need to do is make the following structure: https://github.com/disbalancer-project/main/releases Everything else I will do myself
Thanks