On 24/07/15 07:04, David Powell wrote: > hi > > I downloaded cmake an hour ago from cmake.org <http://cmake.org/> and found > myself with an unwanted piece of software called “advanced mac cleaner”, an > app that was hard to get rid of. I’m not certain it came from your site but > it happened at the same time and I can’t think of any other explanation.. > The download file from cmake.org <http://cmake.org/> (supposedly the latest > stable dmg for mac) was much bigger (30MB) than the cmake file I subsequently > downloaded from github. > > >
I don't know about that, but I just noticed that cmake.org allows HTTP (non-HTTPS) downloads. HTTP has no form of cryptographic authentication or verification, and it's incredibly easy for a MitM to attach malware to your downloads. IMO, the HTTP downloads should be removed ASAP.
signature.asc
Description: OpenPGP digital signature
-- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake-developers
