> Notice the part where they say "Mirrored projects are sometimes used > to deliver easy-to-decline third-party offers, and the original > downloads are always available.".
It reminds me of CNet and Nmap, https://news.ycombinator.com/item?id=3317121. > I think it is past time for Crypto++ to divorce itself from > SourceForge in all possible ways. I just finished transferring several > old abandoned projects of mine from SourceForge to github. Wasn't > hard. +1. Jeff On Thursday, May 28, 2015 at 7:29:53 PM UTC-4, Zooko Wilcox-OHearn wrote: > > > https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/ > > Notice the part where they say "Mirrored projects are sometimes used > to deliver easy-to-decline third-party offers, and the original > downloads are always available.". > > In other words, they replace some of the packages they host with > variants that have added spyware or adware bundled in. > > This is obviously an egregious security vulnerability, as well as a > slimy practice that surely taints the reputation of everyone involved. > > I think it is past time for Crypto++ to divorce itself from > SourceForge in all possible ways. I just finished transferring several > old abandoned projects of mine from SourceForge to github. Wasn't > hard. > > Here's a more detailed story about this issue: > > http://lwn.net/SubscriberLink/646118/a5b8924c2576ecf1/ > -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
