Jump to content

Cream Soda?

Rylas

By Rylas
in General Discussion

 Share

Recommended Posts

Rylas

Rylas

Posted
Posted

Mod Edit: Please see our announcement from Discord. Locking this thread.

Please beware of a modified version of Tequila going around named "Cream Soda". This is not our launcher and we absolutely can not endorse it.

We do not know that the changes made to it were not malicious and as such we would advise against downloading and running it.

 

Note that even if you build Cream Soda from source, you are still at risk of the author changing the manifest to allow it to download and execute malicious files in the future.

Once the manifest is pointed at something malicious it will download and run on every system that runs Cream Soda.

 

Tequila is open-source and has been for years. If people want to make changes to Tequila then they are more than welcome to create Pull Requests on Tequila's Github repository at https://github.com/leandrotlz/Tequila

 

Saw an announcement on Discord about a better version of the Tequila launcher being available called Cream Soda. I haven't seen any mention in the announcement forum, so was wondering if this is what we're suppose to be using now. Has anyone used it yet?

PQAzhGk.png Make Energy Melee Great Again! Join the discussion.

 

Request hi-res icons here. fBfruXW.pngnFRzS1G.pngZOOTsRk.pngh1GKuZo.pngNG0EFBL.png8lnHKLt.png3f2lHyL.png7KPkl2C.pngHPucq9J.pngBlbsQUx.pngXdnlqXI.png9sfLlss.pngu1MqVyK.png9E28NED.pngTrwSZIP.png

Link to comment
Share on other sites
Knyghte

Knyghte

Posted
Posted

If you read the announcement on Discord, you should probably already know the answer.

 

"Please beware of a modified version of Tequila going around named "Cream Soda". This is not our launcher and we absolutely can not endorse it. We do not know that the changes made to it were not malicious and as such we would advise against downloading and running it."

Link to comment
Share on other sites
Jacke

Jacke

Posted
Posted

There's an additional requirement for a secure launcher besides being compiled from verified source code.  As Cipher explained in his post on the Discord earlier today, the manifest in the launch also has to be correct.

 

Please beware of a modified version of Tequila going around named "Cream Soda". This is not our launcher and we absolutely can not endorse it. We do not know that the changes made to it were not malicious and as such we would advise against downloading and running it. Note that even if you build Cream Soda from source, you are still at risk of the author changing the manifest to allow it to download and execute malicious files in the future. Once the manifest is pointed at something malicious it will download and run on every system that runs Cream Soda. Tequila is open-source and has been for years. If people want to make changes to Tequila then they are more than welcome to create Pull Requests on Tequila's Github repository at https://github.com/leandrotlz/Tequila. Thank you.

Remember!  Let's be careful out there!

City Global @Jacke, @Jacke2 || Discord @jacke4913  

@TheUnnamedOne's BadgeReporter Popmenu

Commands Popmenu including Long Range Teleport Available Zones

Finding Your City Install Root on Windows for HC Launcher, Tequila, Island Rum  

Link to comment
Share on other sites
The Fifth Horseman

The Fifth Horseman

Posted
Posted

Cream Soda is a third party fork of Tequila reverse engineered hack of Tequila (cf https://i.imgur.com/sZF1QtO.png )

 

Currently it doesn't provide a real advantage over the core function of the original probram (downloading and patching) - in fact, it piggybacks on Tequila's own content servers and bandwidth (which I understand ticked off Leandro somewhat when he found out).

 

Downloads from the web over HTTP are impractical for distribution on this scale - if Cream Soda ever switches to magnet links / torrents as a method of download it might have an actual advantage over Tequila, but for now it's entirely redundant.

Link to comment
Share on other sites
Radionuclide

Radionuclide

Posted
Posted

There's an additional requirement for a secure launcher besides being compiled from verified source code.  As Cipher explained in his post on the Discord earlier today, the manifest in the launch also has to be correct.

 

Please beware of a modified version of Tequila going around named "Cream Soda". This is not our launcher and we absolutely can not endorse it. We do not know that the changes made to it were not malicious and as such we would advise against downloading and running it. Note that even if you build Cream Soda from source, you are still at risk of the author changing the manifest to allow it to download and execute malicious files in the future. Once the manifest is pointed at something malicious it will download and run on every system that runs Cream Soda. Tequila is open-source and has been for years. If people want to make changes to Tequila then they are more than welcome to create Pull Requests on Tequila's Github repository at https://github.com/leandrotlz/Tequila. Thank you.

 

The one problem I have here with this announcement is that using Tequila vs Cream Soda does not eliminate this threat vector. They function identically. I'm not saying either author would do this. But, choosing one over the other is not safer from that standpoint.

Link to comment
Share on other sites
wtl

wtl

Posted
Posted

There's no reason to switch over to it right now- even if there are improvements to make it pull the files from a torrent or another source you'll have to re-download it anyway.

 

Even with those improvements in mind, if you already have the game running I don't see much need switching off of Tequila regardless though, small updates to the game files don't really need any fancy delivery method.

Link to comment
Share on other sites
Kelador

Kelador

Posted
Posted

From a glance at the code seems fine (he uploaded it to github and is also doing a  Full-Line Code Audit Report which will take about 48 hours to come out), I think the intent behind it was to offer an open source launcher that you yourself can see the code... If you want to talk security concerns etc we know less about tequila than cream soda...

 

As others have pointed out no need to switch tho wait for a better launcher closer to the orignal which someone in the discord said they was going to work on at some point.

Link to comment
Share on other sites
Kelador

Kelador

Posted
Posted

... If you want to talk security concerns etc we know less about tequila than cream soda...

 

The code for Tequila is on git (https://github.com/leandrotlz/Tequila) and has been for 5 years so, that's not really accurate.

 

There has not been a line for line audit demanded of Tequila which is what we are getting for cream soda which is what I was what I meant about knowing less.

Link to comment
Share on other sites
Radionuclide

Radionuclide

Posted
Posted

... If you want to talk security concerns etc we know less about tequila than cream soda...

 

The code for Tequila is on git (https://github.com/leandrotlz/Tequila) and has been for 5 years so, that's not really accurate.

 

There has not been a line for line audit demanded of Tequila which is what we are getting for cream soda which is what I was what I meant about knowing less.

 

AH ok. Sorry. This is true.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...