[cmake-developers] malware?

Michael Enßlin michael at ensslin.cc
Fri Jul 24 01:18:39 EDT 2015


On 24/07/15 07:04, David Powell wrote:
> hi
> 
> I downloaded cmake an hour ago from cmake.org <http://cmake.org/> and found myself with an unwanted piece of software called “advanced mac cleaner”, an app that was hard to get rid of. I’m not certain it came from your site but it happened at the same time and I can’t think of any other explanation. The download file from cmake.org <http://cmake.org/> (supposedly the latest stable dmg for mac) was much bigger (30MB) than the cmake file I subsequently downloaded from github.
> 
> 
> 

I don't know about that, but I just noticed that cmake.org allows HTTP
(non-HTTPS) downloads.

HTTP has no form of cryptographic authentication or verification, and
it's incredibly easy for a MitM to attach malware to your downloads.

IMO, the HTTP downloads should be removed ASAP.
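
[Added example, not part of the original message or of the CMake project.] A client-side guard against the tampering risk described above: it refuses plaintext URLs and any redirect that leaves HTTPS, then checks the download against a SHA-256 digest. It assumes the publisher provides that digest over an authenticated channel; the sample bytes are constructed and all names are hypothetical.

```python
import hashlib
import hmac
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class HTTPSOnlyRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse any redirect hop that would downgrade the transfer to plaintext."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if urlsplit(newurl).scheme != "https":
            raise urllib.error.URLError(f"refusing non-HTTPS redirect to {newurl}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def require_https(url):
    """Reject download URLs that are not https:// with a host."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing non-HTTPS download URL: {url}")
    return url


def digest_matches(data, expected_sha256_hex):
    """Compare the SHA-256 of the downloaded bytes with the published digest."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.strip().lower())


def fetch_verified(url, expected_sha256_hex, timeout=30):
    """Download over HTTPS only (certificates verified by default) and verify."""
    require_https(url)
    opener = urllib.request.build_opener(HTTPSOnlyRedirectHandler())
    with opener.open(url, timeout=timeout) as resp:
        data = resp.read()
    if not digest_matches(data, expected_sha256_hex):
        raise ValueError("SHA-256 mismatch: file differs from the published release")
    return data


# Constructed sample data: a "genuine" installer and a copy with bytes appended
# in transit, which is also why a tampered file ends up larger than expected.
GENUINE = b"constructed installer image bytes"
TAMPERED = GENUINE + b"constructed bundled extra"
PUBLISHED_DIGEST = hashlib.sha256(GENUINE).hexdigest()  # assumed trusted source

if __name__ == "__main__":
    print("genuine ok: ", digest_matches(GENUINE, PUBLISHED_DIGEST))
    print("tampered ok:", digest_matches(TAMPERED, PUBLISHED_DIGEST))
```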
