Author Topic: Downloading code::blocks binaries without sourceforge?  (Read 3653 times)

Offline colin

  • Multiple posting newcomer
  • *
  • Posts: 12
Downloading code::blocks binaries without sourceforge?
« on: March 02, 2016, 06:09:06 pm »
Is it possible to download Code::blocks without using sourceforge?
It is well known and documented that sourceforge is a common source of modified and malware filled downloads, as is CNET.
I have had personal experience with this and had to re-install my computer, as you will find with a quick search have many people.

Offline raynebc

  • Almost regular
  • **
  • Posts: 212
Re: Downloading code::blocks binaries without sourceforge?
« Reply #1 on: March 02, 2016, 07:14:13 pm »
Only for abandoned projects, which Codeblocks is not.  If you really wanted, you could download the "nosetup" version which is just a zip with no installer.

Offline colin

  • Multiple posting newcomer
  • *
  • Posts: 12
Re: Downloading code::blocks binaries without sourceforge?
« Reply #2 on: March 02, 2016, 07:21:01 pm »
Okay, as I don't have trust in organisations applying malware to downloads, abandoned or not, then I will consider other options.
I've already tried to build from source, but I gave up after hours of trying, it seems bizarrely painful as an experience.
I will have a look at the nosetup option over the weekend and see how that works out, thanks.
« Last Edit: March 02, 2016, 07:25:21 pm by colin »

Offline MortenMacFly

  • Administrator
  • Lives here!
  • *****
  • Posts: 9508
Re: Downloading code::blocks binaries without sourceforge?
« Reply #3 on: March 02, 2016, 07:26:38 pm »
It is well known and documented that sourceforge is a common source of modified and malware filled downloads, as is CNET.
With the new SF.NET owner this policy is no more... This was one of the main reason the old owner had to go. Since ~ a few weeks. So you don't need to worry anymore.
Compiler logging: Settings->Compiler & Debugger->tab "Other"->Compiler logging="Full command line"
C::B Manual: http://www.codeblocks.org/docs/main_codeblocks_en.html
C::B FAQ: http://wiki.codeblocks.org/index.php?title=FAQ

Offline colin

  • Multiple posting newcomer
  • *
  • Posts: 12
Re: Downloading code::blocks binaries without sourceforge?
« Reply #4 on: March 02, 2016, 07:32:10 pm »
Interesting to know, but as they say, trust takes a long time to build and is quickly broken.
I won't be rushing back any time soon...

Offline raynebc

  • Almost regular
  • **
  • Posts: 212
Re: Downloading code::blocks binaries without sourceforge?
« Reply #5 on: March 02, 2016, 09:09:27 pm »
An easy fix would be for the Codeblocks developers to provide a file hash for each binary package (http://www.codeblocks.org/downloads/26).  This will allow a way to prove whether the package was altered by the file host.

Offline MortenMacFly

  • Administrator
  • Lives here!
  • *****
  • Posts: 9508
Re: Downloading code::blocks binaries without sourceforge?
« Reply #6 on: March 03, 2016, 07:53:30 pm »
An easy fix would be for the Codeblocks developers to provide a file hash for each binary package (http://www.codeblocks.org/downloads/26).  This will allow a way to prove whether the package was altered by the file host.
Probably, but I don't know a single person that actually does such validation due to the lack of tools on a standard OS. So its worth as much as our word that we did that check, of course. So we strongly believe its not altered as long as the number of bytes on the SF server does not change. The version after the uploads were binary equal to the ones we created.

If you still not believe you could also find it out by running the installer in a VM.

And in fact: The C::B downloads were never altered by SF.NET. The malware was only bundled with "selected" projects and C::B was never "selected". If that would have happened we would have moved away from SF.NET, too.

Another hint: There is a "mirror" at http://www.fosshub.com/Code-Blocks.html. But they download the installers themselves w/o interaction of us (OK with us). this D/L is with MD5 hash. :-)
Compiler logging: Settings->Compiler & Debugger->tab "Other"->Compiler logging="Full command line"
C::B Manual: http://www.codeblocks.org/docs/main_codeblocks_en.html
C::B FAQ: http://wiki.codeblocks.org/index.php?title=FAQ

Offline raynebc

  • Almost regular
  • **
  • Posts: 212
Re: Downloading code::blocks binaries without sourceforge?
« Reply #7 on: March 04, 2016, 12:31:51 am »
Sure, it's an added bother for the project maintainers, but there are enough third party tools for this out there that it isn't difficult or time consuming.  I mostly just check file hashes for things like ISO images and switch/router firmware updates, but it's not unreasonable to be distrustful of SourceForge after what they did.