[PD] some repo house cleaning

Martin Peach chakekatzil at gmail.com
Sun Jun 7 17:33:04 CEST 2015


On Sat, Jun 6, 2015 at 9:52 PM, Jonathan Wilkes via Pd-list <
pd-list at lists.iem.at> wrote:

> Hi list,
> tldr; Sourceforge has bundled malware with older Windows binaries for Gimp
> and apparently moved an old Sourceforge repo for nmap to a mirror where the
> nmap author does not have access.  (Sourceforge claims it never bundles
> adware with security software, but that isn't at all reassuring.)
>
> Please search the web for "sourceforge and gimp" and "sourceforge and
> nmap" and read a few of the relevant news items for further details.
>
> Three suggestions:
> 1) We should migrate away from Sourceforge.
> 2) We should make sure the current Pd Sourceforge repo doesn't become
> inactive.
> 3) Once safely migrated, we should change to the Sourceforge code and
> release a Pd-extended binary on Sourceforge whose only function is to
> display a warning message to the user in the main Pd window. The warning
> should alert the user that Sourceforge is no longer the repo for any flavor
> of Pd, and that they should uninstall it and scan for malware.
> 4) We should maintain active accounts on Sourceforge to make sure the
> current binaries never become a target for delivering malware.
>
>
This may be true for the compiled binaries but I think the svn repository
should be safe, no?
I don't think anyone could add malware to the repository without svn being
aware of it.

Martin