[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-glpk] Trojan Horse in Gusek

From: Andrew Makhorin
Subject: Re: [Help-glpk] Trojan Horse in Gusek
Date: Wed, 07 Sep 2011 00:56:15 +0400

> > Where are these checksums provided? I didn't find them on the Gusek
> > project webpages. Are they calculated by sourceforge?
> > 
> > 
> > Andrew Makhorin
> > 
> Hello Andrew,
> Sourceforge provides checksums for all downloads.
> See appendix

Thank you very much for information.

It seems to me that it would be better to calculate the md5 check-sums
for .zip and .tar.gz on the developer's machine and provide them on the
project's webpage (or maybe provide gpg signatures, as used for all GNU
packages for last several years) along with a brief instruction (for MS
Windows users) about how to make sure that the distributed files have
been untouched. This is the only reliable way I know to protect files
against intentional/unintentional changes on distributing them over the
internet. Including in an anti-virus whitelist doesn't seem to me a good

Best regards,

Andrew Makhorin

reply via email to

[Prev in Thread] Current Thread [Next in Thread]