Hi everyone,

You may be interested in the RFC below.

Rashad added a helpful clarification:

------------------------------------------------------------------------
MS-Windows binaries (MinGW) existing on sourceforge.net are not actually affected. I had checked the md5sum of the ones from sourceforge against those hosted on orfeo-toolbox.org/packages/. Both are the same (checked again today).

$ md5sum sfnet-OTB-5.0.0-Windows-MinGW-x86-bin.zip
68ff9dc177f35d9d8fd0e79ed5c5135d sfnet-OTB-5.0.0-Windows-MinGW-x86-bin.zip
$ md5sum otbsite-OTB-5.0.0-Windows-MinGW-x86-bin.zip
68ff9dc177f35d9d8fd0e79ed5c5135d otbsite-OTB-5.0.0-Windows-MinGW-x86-bin.zip
$ md5sum otbsite-OTB-5.0.0-Windows-MinGW-x86_64-bin.zip
bcf7b85fb38694fa9d8eef7575321ed5 otbsite-OTB-5.0.0-Windows-MinGW-x86_64-bin.zip
$ md5sum sfnet-OTB-5.0.0-Windows-MinGW-x86_64-bin.zip
bcf7b85fb38694fa9d8eef7575321ed5 sfnet-OTB-5.0.0-Windows-MinGW-x86_64-bin.zip
------------------------------------------------------------------------

Regards,

Sébastien

-------- Forwarded Message --------
Subject: [otb-developers] [Request for Comments] Move OTB binary packages from SourceForge to GitHub
Date: Thu, 17 Sep 2015 15:34:14 +0200
From: Sébastien Dinot <[email protected]>
To: OTB Developers <[email protected]>

Dear all,

In early August, an OTB user brought to our attention the following security alert:

https://github.com/orfeotoolbox/OTB/issues/2

Google had blacklisted our domain because we were forwarding the users towards SourceForge to download a few binary packages (those for MS-Windows).

The hosting of binary packages by SourceForge is explained by historic reasons: at the beginning of the project, the team had at its disposal only mutualized services such as SF. The habit stayed. But today, we have our own servers and we self-host most of the services required by the project; we no longer need SF.

Therefore, in a hurry (i.e. without consulting the OTB community), we decided to remove the links towards SourceForge and to host the binary packages ourselves.
This action put an end to the security alert. It was a workaround. We now need a definitive strategy. Therefore, we propose to release the binary packages[1] on GitHub through the OTB official account[2].

Request for Comments:

http://wiki.orfeo-toolbox.org/index.php/RFCs_open_to_vote#.5BRFC-10.5D_Move_OTB_binary_packages_from_SourceForge_to_GitHub

Any comments welcome.

Regards,

The sys. admin. team

[1] https://help.github.com/articles/about-releases/
[2] https://github.com/orfeotoolbox

--
Sébastien Dinot
Free software expert
CS Systèmes d'Information
Division Espace - Service Information Géographique et Image
Parc de la Grande Plaine - 5, rue Brindejonc des Moulinais - BP 15872
31506 Toulouse Cedex 05 - France
+33 (0)5 61 17 64 48 - [email protected]
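
Added example, not part of the original message or of the OTB project's own tooling: a shell helper that automates the mirror comparison Rashad describes, reading `md5sum`-format output and pairing files by the `sfnet-`/`otbsite-` prefixes used in his listing. The function names, sample digests and sample file names are constructed for illustration, and file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# compare_mirrors PREFIX_A PREFIX_B   (hypothetical helper, added example)
# Reads checksum-tool output on stdin ("<digest>  <file>"), pairs files whose
# names differ only by the mirror prefix, and prints one verdict per artifact.
# Exit status is 0 only if every artifact has two copies with equal digests.
compare_mirrors() {
    awk -v a="$1" -v b="$2" '
    $1 !~ /^[0-9a-fA-F]+$/ { next }        # skip prompts and other noise
    {
        digest = tolower($1)
        name = $2
        sub(/^\*/, "", name)               # drop the binary-mode marker
        if (index(name, a) == 1) {
            key = substr(name, length(a) + 1); da[key] = digest
        } else if (index(name, b) == 1) {
            key = substr(name, length(b) + 1); db[key] = digest
        } else next
        if (!(key in seen)) { seen[key] = 1; order[++n] = key }
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            key = order[i]
            if (!(key in da) || !(key in db)) { verdict = "UNPAIRED"; bad = 1 }
            else if (da[key] == db[key])      { verdict = "MATCH" }
            else                              { verdict = "MISMATCH"; bad = 1 }
            print verdict, key
        }
        exit bad
    }'
}

# Constructed sample listing (not the real OTB digests): one identical pair,
# one differing pair, and one file that exists on a single mirror only.
constructed_sample() {
    cat <<EOF
d41d8cd98f00b204e9800998ecf8427e  sfnet-pkg-x86.zip
d41d8cd98f00b204e9800998ecf8427e  otbsite-pkg-x86.zip
0cc175b9c0f1b6a831c399e269772661  sfnet-pkg-x86_64.zip
92eb5ffee6ae2fec3ad71c777531578f  otbsite-pkg-x86_64.zip
4a8a08f09d37b73795649038408b5f33  otbsite-pkg-src.zip
EOF
}

constructed_sample | compare_mirrors sfnet- otbsite- \
    || echo "at least one artifact differs or lacks a counterpart"
```

Lines that do not start with a hex digest are skipped, so a pasted terminal session including the `$ md5sum ...` prompt lines can be piped in directly; the same function works on `sha256sum` output.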
