On Sat, Jun 6, 2015 at 9:52 PM, Jonathan Wilkes via Pd-list < [email protected]> wrote:
> Hi list,
> tldr; Sourceforge has bundled malware with older Windows binaries for Gimp
> and apparently moved an old Sourceforge repo for nmap to a mirror where the
> nmap author does not have access. (Sourceforge claims it never bundles
> adware with security software, but that isn't at all reassuring.)
>
> Please search the web for "sourceforge and gimp" and "sourceforge and
> nmap" and read a few of the relevant news items for further details.
>
> Three suggestions:
> 1) We should migrate away from Sourceforge.
> 2) We should make sure the current Pd Sourceforge repo doesn't become
> inactive.
> 3) Once safely migrated, we should change to the Sourceforge code and
> release a Pd-extended binary on Sourceforge whose only function is to
> display a warning message to the user in the main Pd window. The warning
> should alert the user that Sourceforge is no longer the repo for any flavor
> of Pd, and that they should uninstall it and scan for malware.
> 4) We should maintain active accounts on Sourceforge to make sure the
> current binaries never become a target for delivering malware.
>

This may be true for the compiled binaries but I think the svn repository should be safe, no? I don't think anyone could add malware to the repository without svn being aware of it.

Martin
