New GMP release? Really?
Vincent Lefevre
vincent at vinc17.net
Wed Mar 26 08:57:05 UTC 2014
On 2014-03-26 06:31:17 +0100, bodrato at mail.dm.unipi.it wrote:
> Ciao,
>
> Il Mar, 25 Marzo 2014 9:40 am, Vincent Lefevre ha scritto:
> > I can see on the https://gmplib.org/ web page that GMP 6.0.0 is
>
> > What's going on?
>
> GMP 6.0 is out.
>
> It was expected, wasn't it? :D
>
> https://gmplib.org/list-archives/gmp-discuss/2014-March/005528.html
Well, yesterday morning there were 3 things that weren't expected:
1. No signatures. Users should always verify signatures. So, there's
no point in replacing an old tarball by a new one before signatures
are available, unless you want to incite users to use the tarballs
without checking that they come from a reliable source (just in
case there had been a security issue with the web server).
2. No release candidates. I've always seen release candidates for GMP.
And for a major version, I would have expected a release candidate
even more. So, that's very unusual.
3. No announce, probably because of (1). But some developer could have
sent a mail to -discuss to clarify the situation.
If someone malicious had compromised the web server, he wouldn't have
behaved in some other way.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the gmp-discuss
mailing list