Gesendet: Mittwoch, 10. Juni 2015 um 16:59 Uhr Von: "Andrey Semashev"
An: "boost@lists.boost.org" Betreff: Re: [boost] sourceforge and release hosting On Wed, Jun 10, 2015 at 5:34 PM, Adam Walling
wrote: Michael Ainsworth
writes: For those new to the boost mailing lists such as myself can you provide
a reference to catch us up?
The wikipedia page has a brief outline of the latest news and sources:
http://en.wikipedia.org/wiki/SourceForge
In November 2013, GIMP, a free image manipulation program, removed its download from SourceForge, citing misleading download buttons that can potentially confuse customers, as well as SourceForge's own Windows installer, which bundles third-party offers. In a statement, GIMP called SourceForge a once "useful and trustworthy place to develop and host FLOSS applications" that now faces "a problem with the ads they allow on their sites ..." In May 2015, the GIMP for Windows SourceForge project was transferred to the ownership of the "SourceForge Editorial Staff" account and adware downloads were re-enabled.[33] The same happened to the developers of nmap.[34][35]
There are several other projects which have also suffered the same fate, though the developers have not gotten up in arms as much as the GIMP and nmap devs.
The entire thing is a mess with a lot of carefully worded PR.
I agree that the situation is worrying, especially since we distribute binary installers as well and don't seem to publish SHA/MD5 of the installers on www.boost.org. Basically, we trust that SourceForge won't be hacked or won't do anything mischievous, like it did with these other projects.
However, what are the alternatives?
Selfhosting or Github. Question is does boost want to wait until sourceforge gets worse? Having malware infected boost-installers or users click on "wrong" download buttons isn't worth the risk IMHO. But also it should be enshured, that the sourceforge account is under boosts control, even when not continued for new releases. regards, Jens Weller