[SciPy-User] [Numpy-discussion] Verify your sourceforge windows installer downloads
Jason Sachs
jmsachs at gmail.com
Thu May 28 09:41:18 EDT 2015
Discussion of this on r/programming:
http://www.reddit.com/r/programming/comments/37h8ad/sourceforge_took_control_of_the_gimp_account_and/
GitHub apparently has a Releases feature, seems like that is the most
appropriate mechanism.
On Thu, May 28, 2015 at 6:35 AM, David Cournapeau <cournape at gmail.com>
wrote:
> IMO, this really begs the question on whether we still want to use
> sourceforge at all. At this point I just don't trust the service at all
> anymore.
>
> Could we use some resources (e.g. rackspace ?) to host those files ? Do we
> know how much traffic they get so estimate the cost ?
>
> David
>
> On Thu, May 28, 2015 at 9:46 PM, Julian Taylor <
> jtaylor.debian at googlemail.com> wrote:
>
>> hi,
>> It has been reported that sourceforge has taken over the gimp
>> unofficial windows downloader page and temporarily bundled the
>> installer with unauthorized adware:
>> https://plus.google.com/+gimp/posts/cxhB1PScFpe
>>
>> As NumPy is also distributing windows installers via sourceforge I
>> recommend that when you download the files you verify the downloads
>> via the checksums in the README.txt before using them. The README.txt
>> is clearsigned with my gpg key so it should be safe from tampering.
>> Unfortunately as I don't use windows I cannot give any advice on how
>> to do the verifcation on these platforms. Maybe someone familar with
>> available tools can chime in.
>>
>> I have checked the numpy downloads and they still match what I
>> uploaded, but as sourceforge does redirect based on OS and geolocation
>> this may not mean much.
>>
>> Cheers,
>> Julian Taylor
>> _______________________________________________
>> NumPy-Discussion mailing list
>> NumPy-Discussion at scipy.org
>> http://mail.scipy.org/mailman/listinfo/numpy-discussion
>>
>
>
> _______________________________________________
> SciPy-User mailing list
> SciPy-User at scipy.org
> http://mail.scipy.org/mailman/listinfo/scipy-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.scipy.org/pipermail/scipy-user/attachments/20150528/d56dd969/attachment.html>
More information about the SciPy-User
mailing list