https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/
Notice the part where they say "Mirrored projects are sometimes used to deliver easy-to-decline third-party offers, and the original downloads are always available.". In other words, they replace some of the packages they host with variants that have added spyware or adware bundled in. This is obviously an egregious security vulnerability, as well as a slimy practice that surely taints the reputation of everyone involved. I think it is past time for Crypto++ to divorce itself from SourceForge in all possible ways. I just finished transferring several old abandoned projects of mine from SourceForge to github. Wasn't hard. Here's a more detailed story about this issue: http://lwn.net/SubscriberLink/646118/a5b8924c2576ecf1/ Regards, Zooko Wilcox-O'Hearn Founder, CEO, and Customer Support Rep https://LeastAuthority.com — Freedom matters. -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
