> -----Original Message----- > From: cmake-developers [mailto:cmake-developers-boun...@cmake.org] > On 24/07/15 07:04, David Powell wrote: > > hi > > > > I downloaded cmake an hour ago from cmake.org <http://cmake.org/> and > found myself with an unwanted piece of software called "advanced mac > cleaner", an app that was hard to get rid of. I'm not certain it came from your > site but it happened at the same time and I can't think of any other > explanation.. The download file from cmake.org <http://cmake.org/> > (supposedly the latest stable dmg for mac) was much bigger (30MB) than the > cmake file I subsequently downloaded from github. > > > > > > > > I don't know about that, but I just noticed that cmake.org allows HTTP > (non-HTTPS) downloads. > > HTTP has no form of cryptographic authentication or verification, and it's > incredibly easy for a MitM to attach malware to your downloads. > > IMO, the HTTP downloads should be removed ASAP.
Two other ideas that don't require HTTPS hosting of large binary files: * On Windows, cryptographically sign the setup program using Authenticode. When the UAC prompts for elevation, Windows will show it signed by "Kitware" instead of a yellow warning "Unknown". Probably the other operating systems have a first-class way of doing something like this as well. Downside: certificates cost some modest amount of money to renew every year. * Post SHA-1 hashes of the EXEs/DMGs/tarballs on the CMake web site, and post them over HTTPS. But downside here is that many users won't bother to check this (e.g. Windows has no well-known in-built utility for calculating a file hash). I agree the current situation of unsigned files available over HTTP only is not really ideal. Perhaps this would be a good opportunity for looking at enhancements to CMake itself in the area of code signing (e.g. code signing of individual target EXEs/DLLs, and code signing of the final setup EXE package by CPack) that hides the various operating-system-specific ways of doing this? Then, CMake itself can be modified to be built with these new features, if available. A quick Google search of cmake.org for code signing didn't yield much in the way of previous discussion or existing features... Best regards, James Johnston -- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake-developers