[Numpy-discussion] Verify your sourceforge windows installer downloads

Andrew Collette andrew.collette at gmail.com
Thu May 28 13:00:08 EDT 2015


> Here is their lame excuse:
>
> https://sourceforge.net/blog/gimp-win-project-wasnt-hijacked-just-abandoned/
>
> It probably means this:
>
> If NumPy installers are moved away from Sourceforge, they will set up a
> mirror and load the mirrored installers with all sorts of crapware. It is
> some sort of racket the mob couldn't do better.

I noticed that like most BSD-licensed software, NumPy's license
includes this clause:

"Neither the name of the NumPy Developers nor the names of any
contributors may be used to endorse or promote products derived from
this software without specific prior written permission."

There's an argument to be made that SF isn't legally permitted to
distribute poisoned installers under the name "NumPy" without
permission.  I recall a similar dust-up a while ago about "Standard
Markdown" using the name "Markdown"; the original author (John Gruber)
took action and got them to change the name.

In any case I've always been surprised that NumPy is distributed
through SourceForge, which has been sketchy for years now. Could it
simply be hosted on PyPI?

Andrew



More information about the NumPy-Discussion mailing list