Code::Blocks Forums
User forums => General (but related to Code::Blocks) => Topic started by: colin on March 02, 2016, 06:09:06 pm
-
Is it possible to download Code::blocks without using sourceforge?
It is well known and documented that sourceforge is a common source of modified and malware filled downloads, as is CNET.
I have had personal experience with this and had to re-install my computer, as you will find with a quick search have many people.
-
Only for abandoned projects, which Codeblocks is not. If you really wanted, you could download the "nosetup" version which is just a zip with no installer.
-
Okay, as I don't have trust in organisations applying malware to downloads, abandoned or not, then I will consider other options.
I've already tried to build from source, but I gave up after hours of trying, it seems bizarrely painful as an experience.
I will have a look at the nosetup option over the weekend and see how that works out, thanks.
-
It is well known and documented that sourceforge is a common source of modified and malware filled downloads, as is CNET.
With the new SF.NET owner this policy is no more... This was one of the main reason the old owner had to go. Since ~ a few weeks. So you don't need to worry anymore.
-
Interesting to know, but as they say, trust takes a long time to build and is quickly broken.
I won't be rushing back any time soon...
-
An easy fix would be for the Codeblocks developers to provide a file hash for each binary package (http://www.codeblocks.org/downloads/26). This will allow a way to prove whether the package was altered by the file host.
-
An easy fix would be for the Codeblocks developers to provide a file hash for each binary package (http://www.codeblocks.org/downloads/26). This will allow a way to prove whether the package was altered by the file host.
Probably, but I don't know a single person that actually does such validation due to the lack of tools on a standard OS. So its worth as much as our word that we did that check, of course. So we strongly believe its not altered as long as the number of bytes on the SF server does not change. The version after the uploads were binary equal to the ones we created.
If you still not believe you could also find it out by running the installer in a VM.
And in fact: The C::B downloads were never altered by SF.NET. The malware was only bundled with "selected" projects and C::B was never "selected". If that would have happened we would have moved away from SF.NET, too.
Another hint: There is a "mirror" at http://www.fosshub.com/Code-Blocks.html. But they download the installers themselves w/o interaction of us (OK with us). this D/L is with MD5 hash. :-)
-
Sure, it's an added bother for the project maintainers, but there are enough third party tools for this out there that it isn't difficult or time consuming. I mostly just check file hashes for things like ISO images and switch/router firmware updates, but it's not unreasonable to be distrustful of SourceForge after what they did.
-
Check this video for the complete procedure to download and install code blocks latest IDE:
https://youtu.be/1QYgFiKGk3k
Hope this will help. :)