[Numpy-discussion] Verify your sourceforge windows installer downloads

Pauli Virtanen pav at iki.fi
Thu May 28 15:05:29 EDT 2015


On 28.05.2015, 21:52, Julian Taylor wrote:
> there is no guarantee that github will not do this stuff in future too,
> also PyPI or self hosting do not necessarily help as those resources can
> be compromised.
> The main thing that should be learned from this and the many similar
> incidents in the past is that binaries from the internet need to be
> verified if they have been modified from their original state; otherwise
> they cannot be trusted.

Indeed, but on the other hand, there's no reason for us to continue
cooperating with shady partners, especially when there are easy
alternatives. We can just quietly change the main binary distribution
channel and be done with it.