User forums > General (but related to Code::Blocks)

Downloading code::blocks binaries without sourceforge?

<< < (2/2)

raynebc:
An easy fix would be for the Codeblocks developers to provide a file hash for each binary package (http://www.codeblocks.org/downloads/26).  This will allow a way to prove whether the package was altered by the file host.

MortenMacFly:

--- Quote from: raynebc on March 02, 2016, 09:09:27 pm ---An easy fix would be for the Codeblocks developers to provide a file hash for each binary package (http://www.codeblocks.org/downloads/26).  This will allow a way to prove whether the package was altered by the file host.

--- End quote ---
Probably, but I don't know a single person that actually does such validation due to the lack of tools on a standard OS. So its worth as much as our word that we did that check, of course. So we strongly believe its not altered as long as the number of bytes on the SF server does not change. The version after the uploads were binary equal to the ones we created.

If you still not believe you could also find it out by running the installer in a VM.

And in fact: The C::B downloads were never altered by SF.NET. The malware was only bundled with "selected" projects and C::B was never "selected". If that would have happened we would have moved away from SF.NET, too.

Another hint: There is a "mirror" at http://www.fosshub.com/Code-Blocks.html. But they download the installers themselves w/o interaction of us (OK with us). this D/L is with MD5 hash. :-)

raynebc:
Sure, it's an added bother for the project maintainers, but there are enough third party tools for this out there that it isn't difficult or time consuming.  I mostly just check file hashes for things like ISO images and switch/router firmware updates, but it's not unreasonable to be distrustful of SourceForge after what they did.

Navigation

[0] Message Index

[*] Previous page