SourceForge

davelist at mac.com davelist at mac.com
Fri Jul 29 18:02:00 EDT 2016


> On Jul 29, 2016, at 5:36 PM, John Ralls <jralls at ceridwen.us> wrote:
> 
> 
>> On Jul 29, 2016, at 11:52 AM, davelist at mac.com wrote:
>> 
>> I know gnucash has used SourceForge for years but it's gone down hill over the years. I assume the gnucash developers are aware of this, but just in case, I wanted to share these links.
>> 
>> https://glyph.twistedmatrix.com/2016/07/dont-trust-sourceforge.html
>> 
>> http://www.howtogeek.com/218764/warning-don’t-download-software-from-sourceforge-if-you-can-help-it/
>> 
>> I'm not trying to start a problem - just sharing news in case people aren't aware.
> 
> Old news and supposedly fixed. But for the paranoid we've been providing another download link on Github in recent releases as well as including a README on SourceForge with the sha256 for the tarballs. SourceForge itself provides MD5 hashes (yeah, I know) on the download page so you can check if the file is altered. Given your email address I'll also mention that the Mac application bundle is code signed with an Apple developer certificate.
> 
> Regards,
> John Ralls

Interesting that I saw the story show up a couple places this week even though it appears new owners bought them in February and supposedly stopped the "DevShare" program that led to the problems.

Glad to hear you are signing the Mac version.

Thanks,
Dave





More information about the gnucash-user mailing list