FSF rightly withdrew many of their tarballs to check for malicious code because a cracker owned them for many months. However, it has now been a month since that withdrawal and there is still no official libtool-1.5 tarball at http://ftp.gnu.org/gnu/libtool/. This affects many projects (like the PLplot scientific plotting tool [plplot.org]) where we are anxious to take advantage of the improved Cygwin and Mac OS X support in libtool-1.5. I downloaded libtool-1.5 from the official site in July and was still experimenting with it when news of the crack became known. I stopped all experimenting at that point, and I am now waiting for when the libtool-1.5 tarball is officially reinstated so I can verify what I downloaded has no malicious code in it.
Is there still a lot of work to do to verify the official libtool-1.5 tarball or is there just some administrative hurdle (such as propagating a gpg chain of trust) that is causing the delay? Alan __________________________ Alan W. Irwin email: [EMAIL PROTECTED] phone: 250-727-2902 Astronomical research affiliation with Department of Physics and Astronomy, University of Victoria (astrowww.phys.uvic.ca). Programming affiliations with the PLplot scientific plotting software package (plplot.org), the Yorick front-end to PLplot (yplot.sf.net), the Loads of Linux Links project (loll.sf.net), and the Linux Brochure Project (lbproject.sf.net). __________________________ Linux-powered Science __________________________ _______________________________________________ Libtool mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/libtool
