Thanks for the information that binary builds are availably on SourceForge faster than on git-scm. I can see the v2.8.1 for OS X was uploaded few hours ago to the SF, so my main problem (lack of security fixes in git for OS X) is solved.
The automation process should be probably reviewed, though - because all the other folks around the world using git-scm (not the SF) to download OS X builds are still stuck at v2.6.4. Ideally git-scm would point to the new Mac version within single minutes since the release (or even seconds) - not hours, days, or weeks. >From my point of view SourceForge vs GitHub is kinda implementation detail. I'd go with GitHub as it's more convenient to use and supported HTTPS since the beginning. And then SF had really bad idea with pushing malware (see https://sourceforge.net/p/forge/site-support/7414/). But as long as git-scm will be getting binaries on time most folks won't really care about details of delivery process. On Tue, Apr 5, 2016 at 6:43 PM, Tim Harper <[email protected]> wrote: > It is still supported. I'm not sure why git-scm is pointing to the wrong > version. There's been some discussion to upload to github instead, which I'm > for, but SourceForge publishing is already automated. > >> On Apr 5, 2016, at 10:38, Junio C Hamano <[email protected]> wrote: >> >> Michał Staruch <[email protected]> writes: >> >>> I'd like to ask if OS X is still supported platform for git. Sources >>> and Windows build were updated to version 2.8.1, while OS X build >>> stopped at 2.6.4, staying vulnerable to CVE-2016-2315 and >>> CVE-2016-2324. >> >> Thanks for asking. >> >> Tim Harper (CC'ed) helps the OSX users by supplying the OSX >> installer. >> >> I think git-scm.com attempts to show the latest OSX installer from >> https://sourceforge.net/projects/git-osx-installer/. >> >> It's funny that that >> >> https://sourceforge.net/projects/git-osx-installer/files/ >> >> does list 2.7.1 that is newer than 2.6.4, but the quick download >> link on that page points at 2.6.2; there is something screwy >> happening at sourceforge. I am not sure how git-scm.com chooses to >> claim that 2.6.4 is the latest. There seems to be an issue open on >> this. >> >> https://github.com/git/git-scm.com/issues/715 >> >> As I do not do binary packaging for individual platforms, I cannot >> be of more help than what this message says; sorry about that. >> >> Next time please send any message that is related to Git to either >> [email protected] mailing list (public) or if you want to >> privately discuss security related issues that are not yet known to >> the public, then to [email protected] [*1*]. There are >> at least three reasons to do so: >> >> - A message that is addressed only to [email protected] and not one >> of these lists are often eaten by spam filters and will not be >> seen by me. >> >> - I am not an expert on everything that is related to Git (this >> topic is a good example), and people more qualified to answer are >> on these lists. >> >> - I suspect that you are not the only Git user on OSX, so there >> must be more people wondering the same thing as you are, so >> asking [email protected] would help other OSX users. >> >> I almost added "Cc: [email protected]" myself on this response, >> but I didn't because there might be a reason for you to hide your >> e-mail address from the public (some people are weird that way, and >> you might be one of them but I couldn't tell because I do not know >> you). If you do not mind helping other OSX users, I am fine if you >> CC'ed your response to this message to [email protected] while >> quoting everything I wrote here. >> >> Thanks. >> >> >> [Footnote] >> >> *1* Both of these two lists accept messages from non-subscribers, >> i.e. you can send messages to them without subscribing to them, and >> you'll be kept in the loop in the discussion by CC'ing the original >> poster. > -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
