valgrind 3.13.0

[zmwangx]

Created with brew bump-formula-pr.

---

🇹🇹

[zmwangx]

The FTP URL comes from http://www.valgrind.org/downloads/current.html#current. http://valgrind.org/downloads/valgrind-3.13.0.tar.bz2, as one would expect from past URLs, is not available.

[ilovezfs]

So there is still a prayer of finishing #6408 before 10.13 is officially released.

[zmwangx]

dshb alone will stop your attempt to take over the world with Sierra.

[ilovezfs]

37 installs in the last 30 days. Tempting …

[amallia]

Please merge this.

[zmwangx]

@amallia Of course it will be merged sooner or later...
Are you a new maintainer? If not, please don't abuse the approval feature; it's pointless and confusing...

[amallia]

@zmwangx I am not a maintainer, even though I would be very happy to help maintaining it.

I approved since i checked the changes and they look good for me. Sorry if this was confusing.

[zmwangx]

I approved since i checked the changes and they look good for me.

Yeah, although technically GitHub allows you to do that, as I said approval from a non-maintainer is pointless (no offense). PRs (especially the green ones) are routinely merged here at maintainers' leisure. A "please merge this" comment doesn't expedite the process, except maybe on a neglected old PR, where a gentle bump might help. (I say this from the experience of a long term contributor and ex-maintainer.)

[amallia]

Understand. I just thought two extra eyes could be good and wanted to signal that i checked.

[ilovezfs]

@zmwangx I see the ftp url on their site, but that does seem really weird.

[zmwangx]

I opened this PR very soon after their release announcement. I assume they checked their download page before sending out the announcement, and I doubt they were hacked minutes after that. Anyway, I can send an email to the mailing list for confirmation if you want to be extra cautious.

[amallia]

@ilovezfs sourceware.org should be legit IMO. Probably the old way of distributing it was BW consuming. If they got the the site hacked, they could have changed the packaged.

EDIT: Dont forget that their repo is public: svn co svn://svn.valgrind.org/valgrind/trunk valgrind

[ilovezfs]

In any case, I'll wait for this to show up on some mirrors before proceeding.

[zmwangx]

I sent an email to valgrind-users. Probably will show up in the archive later. https://sourceforge.net/p/valgrind/mailman/valgrind-users/?style=threaded

Update. Here it is: https://sourceforge.net/p/valgrind/mailman/message/35897473/

[ilovezfs]

Poifect.

[zmwangx]

By the way RC1 were hosted at sourceware.org too. See https://sourceforge.net/p/valgrind/mailman/message/35879348/.

[zmwangx]

Got a reply from one of the developers:

According to the download page
http://www.valgrind.org/downloads/current.html, the tarball of the 3.13.0 is
hosted at sourceware.org
(ftp://sourceware.org/pub/valgrind/valgrind-3.13.0.tar.bz2). Is this legit?
Just want to make sure, because releases up until 3.12.0 were all hosted
directly on valgrind.org.

Yes it is. We will also soon move the code repository from subversion on
svn.valgrind.org to git on sourceware. Website will most likely stay on
valgrind.org and the bug tracker on bugs.kde.org.

https://sourceforge.net/p/valgrind/mailman/message/35897582/

[ilovezfs]

Perhaps they just haven't heard of GitHub yet.

[zmwangx]

Should I send another email informing them of GitHub and GitLab?

[ilovezfs]

Should I send another email informing them of GitHub and GitLab?

That would be quite amusing.

[ilovezfs]

🎆 🎇 💎

[ilovezfs]

@zmwangx while you're at it, you could mention the existence of sha256 since they're still posting md5.

[zmwangx]

I gently reminded them that MD5 was cracked more than a decade ago. (Though I forgot at the moment that a practical preimage attack on MD5 was yet to be found.)