[SciPy-Dev] [Numpy-discussion] Verify your sourceforge windows installer downloads
Benny Malengier
benny.malengier at gmail.com
Thu May 28 10:37:36 EDT 2015
Actually,
they way I understand it, you should stay on SF, then they don't take
over your project so as to 'help your userbase'.
So, if you don't use SF anymore for your downloads, then they make an
SF mirror of your project, and add their wrapper installer. Which is
what happened to Gimp.
As long as you use SF yourself to keep your downloads current, they
don't interfere.
Benny
2015-05-28 15:35 GMT+02:00 David Cournapeau <cournape at gmail.com>:
> IMO, this really begs the question on whether we still want to use
> sourceforge at all. At this point I just don't trust the service at all
> anymore.
>
> Could we use some resources (e.g. rackspace ?) to host those files ? Do we
> know how much traffic they get so estimate the cost ?
>
> David
>
> On Thu, May 28, 2015 at 9:46 PM, Julian Taylor
> <jtaylor.debian at googlemail.com> wrote:
>>
>> hi,
>> It has been reported that sourceforge has taken over the gimp
>> unofficial windows downloader page and temporarily bundled the
>> installer with unauthorized adware:
>> https://plus.google.com/+gimp/posts/cxhB1PScFpe
>>
>> As NumPy is also distributing windows installers via sourceforge I
>> recommend that when you download the files you verify the downloads
>> via the checksums in the README.txt before using them. The README.txt
>> is clearsigned with my gpg key so it should be safe from tampering.
>> Unfortunately as I don't use windows I cannot give any advice on how
>> to do the verifcation on these platforms. Maybe someone familar with
>> available tools can chime in.
>>
>> I have checked the numpy downloads and they still match what I
>> uploaded, but as sourceforge does redirect based on OS and geolocation
>> this may not mean much.
>>
>> Cheers,
>> Julian Taylor
>> _______________________________________________
>> NumPy-Discussion mailing list
>> NumPy-Discussion at scipy.org
>> http://mail.scipy.org/mailman/listinfo/numpy-discussion
>
>
>
> _______________________________________________
> SciPy-Dev mailing list
> SciPy-Dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/scipy-dev
>
More information about the SciPy-Dev
mailing list