[CMake] CMake 2.6.1 available for download

Alan W. Irwin irwin at beluga.phys.uvic.ca
Fri Aug 1 13:52:23 EDT 2008

On 2008-08-01 13:12-0400 Bill Hoffman wrote:

> On behalf of myself, Ken, Brad, Dave, Alex and the rest of the
> CMake team, we are pleased to announce that CMake 2.6.1 is
> available for download at:
> http://www.cmake.org/HTML/Download.html

Could you please digitally sign your downloadable files (i.e., provide an
armored ascii signature file for each of them) using gpg?  That allows users
to verify the downloads with "gpg --verify" which protects them against
accidental download errors. It also associates the download with your unique
digital signature which is an important measure to help protect your users
from being victims of a malicious version of cmake inserted into your
download site by crackers.

Before you say "that cannot happen here", that was the exact attitude of
gnu.org (where you can download a lot of great free software) before they got
broken into a number of years ago.  It took them many months to clean up
the mess, but the good thing that came out of it was new policy that all
their downloadables had to be digitally signed.

Because of that incident, the PLplot developers decided to digitally sign
all our downloadables.  I hope that the CMake developers adopt that same
policy to supplement any other measures they may have in place to make
sure the downloadables are not changed after they are created.

Alan W. Irwin

Astronomical research affiliation with Department of Physics and Astronomy,
University of Victoria (astrowww.phys.uvic.ca).

Programming affiliations with the FreeEOS equation-of-state implementation
for stellar interiors (freeeos.sf.net); PLplot scientific plotting software
package (plplot.org); the libLASi project (unifont.org/lasi); the Loads of
Linux Links project (loll.sf.net); and the Linux Brochure Project

Linux-powered Science

More information about the CMake mailing list