Tranquil IT Forum

wapt enterprise 2.5.5.15602

server: Debian
package machine: Windows 10

Hello,

I just noticed that the tis-adobeair package on the Tranquil-it repository is no longer being maintained.
The version available on the Tranquil-it repository is v32.0.0.125-6, but v51.0.13 is currently available.

Is it Tranquil-it's intention to stop updating this package since the transition to Harman, is it simply an oversight, or does it have a different name?For your information,

the software is available here: https://airsdk.harman.com/runtime

Do I need to create a package to replace the Tranquil-it one on my network?
Sincerely,

Hello Benoît,

Benoit wrote: ↑June 24, 2024 - 8:34 AM I just noticed that the tis-adobeair package on the Tranquil it repository is no longer being maintained.
Indeed, the version available on the Tranquil it repository is v32.0.0.125-6, whereas v51.0.13 is currently available.

Is it Tranquil it's intentional to stop updating this package since the transition to Harman, is it simply an oversight, or does it have a different name?

It's difficult to keep track of publisher changes for the 1000+ packages we have in the store. Luti monitors publisher websites, but if a site isn't updated, Luti will simply indicate that there are no new updates. And if no customer reports any conflicting information (such as a third-party publisher taking over support), the most likely scenario is that the software simply no longer receives updates. Therefore, I conclude that we don't have many customers still relying on Adobe Air, and no one has reported using the Harman version so far.

The software is available here: https://airsdk.harman.com/runtime

Do I need to create a package to replace the Tranquil-it one in my IT infrastructure?

I'll submit an internal ticket for the package integration into Luti. However, no date has been promised (the package backlog is quite large)

If it's really urgent for you, you can contact support or do it internally at home.

Sincerely,

Denis

Hello @dcardon,

Thank you for your feedback.

I wasn't aware of how packages are updated on the Tranquil it repository.

Thank you for your clarification.

I will do a complete checkup of my packages downloaded from your repository.

Are packages reserved for WAPT Enterprise licenses managed in the same way?

Regards,

Hello Benoit,

Benoit wrote: ↑June 24, 2024 - 9:50 AMThank you for your feedback.

I wasn't aware of the method used to update packages on the Tranquil it repository.

Thank you for your clarification.

I will do a complete checkup of my packages downloaded from your repository.

The work done on Luti, its operating methods, and all the security measures in place around it are not yet sufficiently highlighted...

But basically, what's interesting is that of the 1200+ packages listed on Luti, more than half also have a "luticheck" that monitors the publisher's website. Once there's a change on the publisher's website, for packages with a luticheck, the new binary is automatically:
* downloaded from the publisher's website
* tested on virustotal
* automatically packaged on a temporary VM
* installed, then uninstalled on a temporary VM
* Version N-1 is installed, then the new version is installed to validate the upgrade on a temporary machine
* If everything went well, the package is signed with a temporary key and placed on the wapt-testing repository
* After 5 days, if the status has not changed on virustotal, the package is switched to the store.

For your information, we are the "first uploader" (first to send a file to VirusTotal) for more than half of the binaries we send. So we are even more responsive than most publishers in this regard...

The Luti farm is fully automated, and Tranquil IT's package technicians cannot push a package directly to wapt-testing or the store without going through the Luti farm. All package changes on Luti are logged on Git, and Luti uses these changes to build the packages.

Are packages reserved for wapt enterprise licenses managed in the same way?

There is no difference in how Luti functions between the different packages in the store. As a reminder, we provide a package supply chain with a high level of security, but the end administrator remains responsible for their network, and among other things, we have no guarantee regarding what publishers put in their executables, apart from the virustotal check and the package retention period in the wapt-testing repository.

Sincerely,

Denis

Hello dcardon,

Thank you for this clarification.

Until now, I mistakenly thought that when a package was available on the store, it was automatically kept up to date or else it was removed.

This was a misunderstanding on my part. I will adjust the checks I perform on packages from the store accordingly.

Thanks to you, I now have a clearer understanding of the system for updating packages from the store, and I thank you for that.

Sincerely,

The question we need to ask ourselves is: do we develop the tis-adobeair package further?

Or do we create a new one:

tis-adobeair-harman?