GitHub is the best choice for us to host our downloads for the foreseeable future. There is another big reason for this which we haven’t covered yet in this thread: it helps us keep bandwidth costs down.
I also agree that GitHub is not intuitive to people who haven’t seen it before. I sometimes forget this, I’ve been using it for a long time and it’s a great solution for managing and developing code. This is why ClassicPress uses it for development.
This wouldn’t help us in this particular case, because we need a download backed by a chain of trust and a cryptographically verifiable process.
git + GitHub gives us this, and GitHub custom domains are mostly for hosting static websites rather than full
There are a few things we can do to improve the situation though:
- Link directly to the zip file on GitHub, instead of requiring multiple clicks. We need a way to do this without requiring an update each time we release a new ClassicPress version, and as @omukiguy says above he has written code for this, we just haven’t integrated it into the site yet.
- Publish the public key (I just did this). So far, all releases have been signed with key ID
79C0F7BD, details here: https://pgp.mit.edu/pks/lookup?search=releases%40classicpress.net&op=vindex
- Make further progress on our implementation of automatic update signatures and verification.
Edit: the above key link seems to be down intermittently, here is another one: http://pool.sks-keyservers.net:11371/pks/lookup?search=0x79C0F7BD&op=vindex