This is the mail archive of the
mailing list for the GCC project.
unhappiness with zero package security
- From: "squidmobile at fastmail dot fm" <squidmobile at fastmail dot fm>
- To: gcc at gcc dot gnu dot org
- Date: Sat, 02 Jul 2016 11:12:04 -0400
- Subject: unhappiness with zero package security
- Authentication-results: sourceware.org; auth=none
02 jul 2016
i tried to build and install gcc, and i ran into a problem. your
docs suggest isl acts as an OPTIONAL package for optimizations.
however, i could not build gcc without it.
when i went to download it, i discovered the hosting website
(http://isl.gforge.inria.fr/) offered zero security. no pgp
signatures. no https. no .md5/sha* sums. nothing. when i went
to their github, it offered only a self-signed certificate.
considering the fsf offers all of its packages via https and with
signatures, why would you mandate the use of any package with
zero security? could you not teach the hosting website how to
offer a secure version of its package?
instead of upgrading to 6.1.0 or 5.x, i instead chose 4.9.3 which
appears to NOT require isl.
http://www.fastmail.com - Does exactly what it says on the tin