[PD] some repo house cleaning

Jonathan Wilkes jancsika at yahoo.com
Sun Jun 7 03:52:01 CEST 2015


Hi list,
tldr; Sourceforge has bundled malware with older Windows binaries for 
Gimp and apparently moved an old Sourceforge repo for nmap to a mirror 
where the nmap author does not have access.  (Sourceforge claims it 
never bundles adware with security software, but that isn't at all 
reassuring.)

Please search the web for "sourceforge and gimp" and "sourceforge and 
nmap" and read a few of the relevant news items for further details.

Three suggestions:
1) We should migrate away from Sourceforge.
2) We should make sure the current Pd Sourceforge repo doesn't become 
inactive.
3) Once safely migrated, we should change to the Sourceforge code and 
release a Pd-extended binary on Sourceforge whose only function is to 
display a warning message to the user in the main Pd window. The warning 
should alert the user that Sourceforge is no longer the repo for any 
flavor of Pd, and that they should uninstall it and scan for malware.
4) We should maintain active accounts on Sourceforge to make sure the 
current binaries never become a target for delivering malware.

I contacted the Oregon State University Open Source Labs, and it looks 
like they can help us host at least the svn, git repos, and binaries.  
It may also be possible to have infrastructure for some nightly builds, 
but since Pd-extended's nightly builds aren't operational atm that's not 
a priority.

If anyone wants to help, take leadership, or perhaps suggest an 
alternative plan that'd be great.  I contacted OSUOSL because they have 
a long history hosting free software, are non-commercial, and are 
student-centric.

If anyone is thinking, "Why not just move to Github?" the answer is that 
ten years ago Sourceforge _was_ Github.  We see how that is turning out.

-Jonathan


