Requests for Comments-9: Move OTB binary packages from SourceForge to GitHub

From OTBWiki
Jump to: navigation, search


  • Submitted by Sébastien Dinot (17/09/2015 15:15)
  • Votes Pending


What changes will be made and why they will make a better Orfeo ToolBox

Early August, an OTB user has brought to our attention the following security alert:

Google had blacklisted our domain because of we were forwarding the users towards SourceForge to download few binary packages (those for MS-Windows). The hosting of binary packages by SourceForge is explained by historic reasons: at the beginning of the project, the team had at its disposal only mutualized services such SF. The habit stayed but today, we no longer need SF:

  1. We have our own servers and we self-host most of the services required by the project: we can host ourself the binary packages
  2. We can rely on the GitHub platform to provide these binary packages:

These two solutions avoid us to distribute malware within the OTB binaries. We prefer the second solution because GitHub provides a high-availability platform.

When will those changes be available (target release or date)

The first solution (self-hosting) is already used. The second solution (GitHub hosting) could be used for the next release.