Debian admin,
earlier today I used the download link from Distrowatch to download
Debian 10.0.0 and got this Swedish link:
/https://caesar.ftp.acc.umu.se/debian-cd/10.0.0-live/amd64/iso-hybrid/debian-live-10.0.0-amd64-cinnamon.iso/
Everything proceeded as normal right through to completion of the full
2.4GB download and then *surprisingly I was asked to enter my admin
password and there was another suspicious request window as well.* I
was highly suspicious and didn't enter any passwords and instead
cancelled both of those requests. I looked for the downloaded file
and there was none to be found anywhere on my file system so it appears
something was downloaded and then when I cancelled it the file was deleted.
I then noticed that the original download site
(https://cdimage.debian.org/debian-cd/10.0.0-live/amd64/iso-hybrid/debian-live-10.0.0-amd64-gnome.iso)
on Distrowatch was different from the one that the file had downloaded
from - ie. it had been redirected. That looked very suspicious so I
contacted Distrowatch who told me that they simply provide Debian links
provided by you and that it would be advisable to let you know there is
some irregularity.
I have now downloaded a "live" version of Debian 10.0.0 from another
site and it boots and runs OK.
The download behaviour may be OK, but is not at all usual. It could be
that the site has mixed the Debian files with other files that need
password protection, but it could also be malicious.
I will leave it with you.
Best wishes, and keep up your much appreciated effort.
Rick