[Numpy-discussion] Verify your sourceforge windows installer downloads
cournape at gmail.com
Thu May 28 09:35:55 EDT 2015
IMO, this really begs the question on whether we still want to use
sourceforge at all. At this point I just don't trust the service at all
Could we use some resources (e.g. rackspace ?) to host those files ? Do we
know how much traffic they get so estimate the cost ?
On Thu, May 28, 2015 at 9:46 PM, Julian Taylor <
jtaylor.debian at googlemail.com> wrote:
> It has been reported that sourceforge has taken over the gimp
> unofficial windows downloader page and temporarily bundled the
> installer with unauthorized adware:
> As NumPy is also distributing windows installers via sourceforge I
> recommend that when you download the files you verify the downloads
> via the checksums in the README.txt before using them. The README.txt
> is clearsigned with my gpg key so it should be safe from tampering.
> Unfortunately as I don't use windows I cannot give any advice on how
> to do the verifcation on these platforms. Maybe someone familar with
> available tools can chime in.
> I have checked the numpy downloads and they still match what I
> uploaded, but as sourceforge does redirect based on OS and geolocation
> this may not mean much.
> Julian Taylor
> NumPy-Discussion mailing list
> NumPy-Discussion at scipy.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NumPy-Discussion