IMO, this really begs the question on whether we still want to use sourceforge at all. At this point I just don't trust the service at all anymore.
Could we use some resources (e.g. rackspace ?) to host those files ? Do we know how much traffic they get so estimate the cost ? David On Thu, May 28, 2015 at 9:46 PM, Julian Taylor < [email protected]> wrote: > hi, > It has been reported that sourceforge has taken over the gimp > unofficial windows downloader page and temporarily bundled the > installer with unauthorized adware: > https://plus.google.com/+gimp/posts/cxhB1PScFpe > > As NumPy is also distributing windows installers via sourceforge I > recommend that when you download the files you verify the downloads > via the checksums in the README.txt before using them. The README.txt > is clearsigned with my gpg key so it should be safe from tampering. > Unfortunately as I don't use windows I cannot give any advice on how > to do the verifcation on these platforms. Maybe someone familar with > available tools can chime in. > > I have checked the numpy downloads and they still match what I > uploaded, but as sourceforge does redirect based on OS and geolocation > this may not mean much. > > Cheers, > Julian Taylor > _______________________________________________ > NumPy-Discussion mailing list > [email protected] > http://mail.scipy.org/mailman/listinfo/numpy-discussion >
_______________________________________________ NumPy-Discussion mailing list [email protected] http://mail.scipy.org/mailman/listinfo/numpy-discussion
