Requests for Comments-9: Move OTB binary packages from SourceForge to GitHub

From OTBWiki
Jump to: navigation, search

Status

  • Submitted by Sébastien Dinot (17/09/2015 15:15)
  • Votes Pending

Content

What changes will be made and why they will make a better Orfeo ToolBox

Early August, an OTB user has brought to our attention the following security alert:

https://github.com/orfeotoolbox/OTB/issues/2

Google had blacklisted our domain because of we were forwarding the users towards SourceForge to download few binary packages (those for MS-Windows). The hosting of binary packages by SourceForge is explained by historic reasons: at the beginning of the project, the team had at its disposal only mutualized services such SF. The habit stayed but today, we no longer need SF:

  1. We have our own servers and we self-host most of the services required by the project: we can host ourself the binary packages
  2. We can rely on the GitHub platform to provide these binary packages: https://help.github.com/articles/about-releases/

These two solutions avoid us to distribute malware within the OTB binaries. We prefer the second solution because GitHub provides a high-availability platform.

When will those changes be available (target release or date)

The first solution (self-hosting) is already used. The second solution (GitHub hosting) could be used for the next release.

Retrieved from "https://wiki.orfeo-toolbox.org/index.php?title=Requests_for_Comments-9:_Move_OTB_binary_packages_from_SourceForge_to_GitHub&oldid=6553"