We also have https://osgeo-org.atlassian.net/browse/GEOS-7058 with details
on what it would take to migrate away from source forge, using github to
host download artifacts.
--
Jody Garnett
On 24 October 2016 at 15:36, Ben Caradoc-Davies <[email protected]> wrote:
> SourceForge has admitted wrapping unmaintained downloads with adware,
> but now claim only to do so where project owners opt in:
> http://www.theregister.co.uk/2015/06/03/sourceforge_to_
> offer_only_optin_adware_after_gimp_grump/
> https://en.wikipedia.org/wiki/SourceForge#Project_
> hijackings_and_bundled_malware
>
> Some adware may be close to malware or may enable injection of malicious
> content. This may have caused some SourceForge content to be backlisted
> as malicious.
>
> We could as part of the release process create and publish SHA-512
> checksums on ares (or some other server controlled by a trusted
> community participant). This would allow end-users to verify the
> integrity of release artifacts downloaded from SourceForge.
>
> Kind regards,
> Ben.
>
> On 25/10/16 10:36, Mike Pumphrey wrote:
> > I just downloaded GeoServer 2.10-RC1 from SourceForge, and on the
> > post-download page, I got redirected to a page that Chrome blocked as
> > malicious.
> >
> > Is there any plan to move downloads away from SourceForge? I kind of
> > feel like that site might be tainted goods at this point.
> >
> > Sorry I don't have a screenshot, as I tend to close a tab that looks
> > like that immediately.
> >
> > Thanks,
> > Mike
> >
> > Mike Pumphrey
> > User Advocate | Boundless
> > 917-338-0407
> > [email protected]
> > http://boundlessgeo.com
> > @boundlessgeo
> >
> > ------------------------------------------------------------
> ------------------
> > The Command Line: Reinvented for Modern Developers
> > Did the resurgence of CLI tooling catch you by surprise?
> > Reconnect with the command line and become more productive.
> > Learn the new .NET and ASP.NET CLI. Get your free copy!
> > http://sdm.link/telerik
> > _______________________________________________
> > Geoserver-devel mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/geoserver-devel
> >
>
> --
> Ben Caradoc-Davies <[email protected]>
> Director
> Transient Software Limited <http://transient.nz/>
> New Zealand
>
> ------------------------------------------------------------
> ------------------
> The Command Line: Reinvented for Modern Developers
> Did the resurgence of CLI tooling catch you by surprise?
> Reconnect with the command line and become more productive.
> Learn the new .NET and ASP.NET CLI. Get your free copy!
> http://sdm.link/telerik
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
