On 24 October 2013 12:18, Jeffrey Walton <noloa...@gmail.com> wrote: > On Sun, Oct 13, 2013 at 5:19 AM, Daniel Stenberg <dan...@haxx.se> wrote: >> On Sat, 12 Oct 2013, Jeffrey Walton wrote: >> >>> Would it be possible to migrate away from SourceForge? Or at least put it >>> on the roadmap for debate? >> >> >> I would like that as well since I find sourceforge quite annoying these >> days. We only use the trackers (bugs and feature-requests) on sourceforge >> now, so the migration would only be to move away to something else without >> losing data. And of course make sure that the new destination isn't worse >> than what we have now and have a likelihood of surviving a bunch of years. >> >> I just don't think it is of importance enough to spend much of my own time >> on it so unless someone else steps up and do most of the work it won't >> happen in a while. >> > Dr. Bernstein also indirectly endorses moving away from Sourceforge: > Cryptography Worst Practices, > http://secappdev.org/lectures/144. See around 88 minutes. > > Things may have changed (and that whole talk is interesting if you get > the time). The talk was indeed very interesting. What I took from it in relation to security of SourceForge is this: I have tested what that bit with the /develop page and it is no longer redirecting to HTTP. Also, what makes you think that, say, GitHub is any better?
Not that I care where will the Curl project host its code or bug trackers or pages. I am just trying to point out that you should change the service provider for the right reasons and with distinct benefit compensating for the effort and lost continuity. -- VZ ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
