Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate from sourceforge.net to GitHub (ghcr.io or raw.githubusercontent.com) #17

Open
imuhdork opened this issue Apr 24, 2024 · 4 comments
Open

Migrate from sourceforge.net to GitHub (ghcr.io or raw.githubusercontent.com) #17

imuhdork opened this issue Apr 24, 2024 · 4 comments

Comments

@imuhdork
Copy link

imuhdork commented Apr 24, 2024
edited
Loading

Sourceforge.net and its mirrors currently host the swig brew formula and packages. Unfortunately, many organizations are blocking any downloads from sourceforge.net given various security concerns with the practices in that platform.

Many other packages and brew formula (especially) have migrated to the GitHub container registry (ghcr.io) or accessing the raw files directly from GitHub via raw.githubusercontent.com. Both of these options appear to be an industry trend with greater trust of the content. Please consider migrating where the swig package and formulae can be downloaded from Sourceforge to GitHub.
@ojwb
Copy link
Member

ojwb commented Apr 24, 2024

I don't think we maintain the swig brew formula - that seems to be in the homebrew-core repo: https://github.com/Homebrew/homebrew-core/blob/0a816916dd912a9c7c3835cb0615ad6a0a24cc59/Formula/s/swig.rb

@imuhdork
Copy link
Author

Could the brew formula you linked just be pointing to where the swig packages appear to be uploaded as defined in https://github.com/swig/swig/blob/master/Tools/mkrelease.py? It looks like swig packages are available from sourceforge in general and brew formula are just using just using that package location.

@ojwb
Copy link
Member

ojwb commented Apr 30, 2024

Our website is hosted on sourceforge currently, but that isn't what you asked us to change.

Moving to the appropriate tracker.

Unfortunately, many organizations are blocking any downloads from sourceforge.net given various security concerns with the practices in that platform.

Can you provide evidence for this claim?

@ojwb ojwb transferred this issue from swig/swig Apr 30, 2024
@imuhdork
Copy link
Author

Perhaps it stems from this event which is further explained in this article. The article outlines that sourceforge had allegedly been wrapping download packages with adware and allowing misleading adware to spoof downloads with fake download buttons. As a result, Chrome ad blockers and anti virus software publicly acknowledged blocking sourceforge.

Admittedly, much of this stems from a decade old practice that SourceForge has changed for the better. Additionally, after reviewing the past issues in swig I see this may actually be a duplicate request. Even with all of that though, it SEEMS like the trustworthiness of sourceforge is still mixed while github has gained traction and market comparatively.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ojwb @imuhdork