Thank you for reaching out to me regarding your concerns and those
communicated by others on the DA forums.

The rfxn.com projects are created first and foremost for my own use in
my day-to-day job, as convenience tools and a means to address issues I
run into on a daily basis. It is that experience, and the issues I face
daily, that guide me in the creation of my projects and how they are
released, modified and developed going forward. At times, this can
conflict with the transparency or logic of releases or silent changes
that may go live. Any such transparency gaps or silent version changes
are often made to address an issue I have run into on a given day that
required an immediate resolution.

From my perspective, the rfxn.com tools are vital components of the
servers I maintain for my employer and I do apologize if any of my
changes occasionally do not mesh with development best practices. The
projects are released under the GPL and as-is; I do so on the basis that
if they are convenient and useful to me, surely they will be for others
as well.

That all being said, transparency is important and, despite the few
backported silent changes I may make, I generally try to maintain good
changelogs and hold myself to a set of standards that users of my
projects can trust in. The development changelog of LMD 1.5, currently
in the works, can be viewed below:
http://rfxn.com/downloads/CHANGELOG.maldet.dev
As time permits, I hope to complete version 1.5 over the next few weeks
which will bring some great changes to the project as can be seen from
the changelog.

With regards to the security of the rfxn.com server, it is important to
note that the projects' development and source data do not reside on
the rfxn.com public web servers but instead on backend development
systems located at my home. The project downloads on rfxn.com are synced
from my development system every 30 minutes with explicit
delete/overwrite enabled, such that if the rfxn.com server were ever
trojaned or compromised, the downloads data would be overwritten with
clean information within 30 minutes. Further, all content in the
downloads repository is MD5 hashed and the development vs production
downloads copies are compared every 30 minutes as well; if issues are
found, an alert is immediately dispatched to me and the download file is
automatically disabled until such time as I manually investigate/enable
it again.

Although there is no silver bullet, I feel confident in stating that the
downloads are well protected. I make great efforts in protecting the
rfxn.com downloads repository with both a secure server and secure
content distribution practices which together provide a high degree of
assurance. I will however add an option into 1.5 that allows the
disabling of automatic version updates.

Please let me know if you have any additional thoughts or concerns and I
will be glad to discuss them. Thank you.
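
The comparison step described in the letter (hash every file in the downloads tree, compare development against production, alert and disable on mismatch), as an added example that is not part of the letter or of the rfxn.com tooling. It assumes both trees are readable as local paths, that "disabled" means stripping all permission bits, and it uses constructed file names; the 30-minute schedule and the sync itself are left to the scheduler and transfer tool.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_manifest(root: Path) -> dict:
    """Map each regular file under root (relative path) to its MD5 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            try:
                digest = hashlib.md5(path.read_bytes()).hexdigest()
            except PermissionError:
                digest = None  # already disabled: keep reporting until re-enabled by hand
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest

def audit(dev_root: Path, prod_root: Path, alert=print) -> list:
    """Compare production against the trusted development copy; disable and report mismatches."""
    dev, prod = md5_manifest(dev_root), md5_manifest(prod_root)
    findings = []
    for rel in sorted(set(dev) | set(prod)):
        if dev.get(rel) is not None and dev[rel] == prod.get(rel):
            continue  # production copy matches the development copy
        reason = "missing" if rel not in prod else "unexpected" if rel not in dev else "modified"
        if rel in prod:
            # Assumption: "disabled" means no permission bits, so the web server cannot serve it.
            (prod_root / rel).chmod(0o000)
        alert(f"ALERT {reason}: {rel}")
        findings.append((rel, reason))
    return findings

def run_constructed_demo() -> tuple:
    """Constructed sample data: two release files, one tampered on production, one planted."""
    with tempfile.TemporaryDirectory() as tmp:
        dev, prod = Path(tmp, "dev"), Path(tmp, "prod")
        for root in (dev, prod):
            root.mkdir()
            (root / "tool-a.tar.gz").write_bytes(b"release A")
            (root / "tool-b.tar.gz").write_bytes(b"release B")
        (prod / "tool-b.tar.gz").write_bytes(b"release B + trojan")  # tampered copy
        (prod / "extra.tar.gz").write_bytes(b"not from dev")         # file that dev never shipped
        findings = audit(dev, prod, alert=lambda msg: None)
        modes = {p.name: p.stat().st_mode & 0o777 for p in prod.iterdir()}
        return findings, modes

if __name__ == "__main__":
    print(run_constructed_demo())
```

MD5 is used here only because the letter names it; `hashlib.sha256` is a drop-in replacement that also resists deliberate collisions. The check is only as trustworthy as the side that runs it, so it belongs on the development system rather than on the public server it is auditing.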