IMO, this really begs the question on whether we still want to use
sourceforge at all. At this point I just don't trust the service at all
anymore.

Could we use some resources (e.g. rackspace ?) to host those files ? Do we
know how much traffic they get so estimate the cost ?

David

On Thu, May 28, 2015 at 9:46 PM, Julian Taylor <
[email protected]> wrote:

> hi,
> It has been reported that sourceforge has taken over the gimp
> unofficial windows downloader page and temporarily bundled the
> installer with unauthorized adware:
> https://plus.google.com/+gimp/posts/cxhB1PScFpe
>
> As NumPy is also distributing windows installers via sourceforge I
> recommend that when you download the files you verify the downloads
> via the checksums in the README.txt before using them. The README.txt
> is clearsigned with my gpg key so it should be safe from tampering.
> Unfortunately as I don't use windows I cannot give any advice on how
> to do the verifcation on these platforms. Maybe someone familar with
> available tools can chime in.
>
> I have checked the numpy downloads and they still match what I
> uploaded, but as sourceforge does redirect based on OS and geolocation
> this may not mean much.
>
> Cheers,
> Julian Taylor
> _______________________________________________
> NumPy-Discussion mailing list
> [email protected]
> http://mail.scipy.org/mailman/listinfo/numpy-discussion
>
_______________________________________________
NumPy-Discussion mailing list
[email protected]
http://mail.scipy.org/mailman/listinfo/numpy-discussion

Reply via email to