Erik de Castro Lopo wrote:> I also notice that on sourceforge: > > https://sourceforge.net/projects/flac/files/flac-win/ > > there are still 1000+ downloads per week 1.2.1 windows binaries > with know security holes. What do people think of the idea of > disabling downloads of old, known buggy Windows binary downlaods?FLAC 1.2.1 is the last version that works on Win95/98/NT4/2000 and also it still has in_flac.dll (a plugin for Winamp 2.x). Also 1.2.1 is the latest official binaries that don't require SSE2. So it can be useful for some (very small) group of people.
> On 1 Jan 2017, at 07:54, lvqcl.mail <lvqcl.mail at gmail.com> wrote: > > Erik de Castro Lopo wrote: > >> I also notice that on sourceforge: >> >> https://sourceforge.net/projects/flac/files/flac-win/ >> >> there are still 1000+ downloads per week 1.2.1 windows binaries >> with know security holes. What do people think of the idea of >> disabling downloads of old, known buggy Windows binary downlaods? > > FLAC 1.2.1 is the last version that works on Win95/98/NT4/2000 and > also it still has in_flac.dll (a plugin for Winamp 2.x). Also 1.2.1 > is the latest official binaries that don't require SSE2. So it can > be useful for some (very small) group of people. > _______________________________________________ >Considering a newer version is posted right above 1.2.1 version I assume most traffic is from direct links from a third party to the SourceForge binary. Otherwise most people would be opting for the newer one. My guess is that the majority of people downloading 1.2.1 from SF.net don’t even know there is a newer version and keep using an unsafe version. My suggestion would be to keep older versions on the Xiph download site and remove all binaries from SourceForge (perhaps only keep 1.3.2 there). People who specifically need to find older versions can still get it from Xiph while people being sent to the outdated 1.2.1 version from a third party site will need to Google for it and will most likely stumble upon the relevant Xiph page and get the most recent version. Maurits
On Sun, Jan 01, 2017 at 07:40:57PM +0000, mauritsvb at xs4all.nl wrote:> > FLAC 1.2.1 is the last version that works on Win95/98/NT4/2000 and > > also it still has in_flac.dll (a plugin for Winamp 2.x). Also 1.2.1 > > is the latest official binaries that don't require SSE2. So it can > > be useful for some (very small) group of people. > > Considering a newer version is posted right above 1.2.1 version I assume most traffic is from direct links from a third party to the SourceForge binary. Otherwise most people would be opting for the newer one. My guess is that the majority of people downloading 1.2.1 from SF.net don’t even know there is a newer version and keep using an unsafe version.Is there a way to get the Referer logs from SourceForge?> My suggestion would be to keep older versions on the Xiph download site and remove all binaries from SourceForge (perhaps only keep 1.3.2 there). People who specifically need to find older versions can still get it from Xiph while people being sent to the outdated 1.2.1 version from a third party site will need to Google for it and will most likely stumble upon the relevant Xiph page and get the most recent version.-- -Dec. ---