Hi, Rick <mt.osm...@bigpond.com> wrote: > Debian admin, > > earlier today I used the download link from Distrowatch to download > Debian 10.0.0 and got this Swedish link: > > /https://caesar.ftp.acc.umu.se/debian-cd/10.0.0-live/amd64/iso-hybrid/debian-live-10.0.0-amd64-cinnamon.iso/
debian-www is for maintaining the webpages of debian.org only. You might want to post this at debian-l...@lists.debian.org instead. Holger > Everything proceeded as normal right through to completion of the full > 2.4GB download and then *surprisingly I was asked to enter my admin > password and there was another suspicious request window as well.* I > was highly suspicious and didn't enter any passwords and instead > cancelled both of those requests. I looked for the downloaded file > and there was none to be found anywhere on my file system so it appears > something was downloaded and then when I cancelled it the file was deleted. > > I then noticed that the original download site > (https://cdimage.debian.org/debian-cd/10.0.0-live/amd64/iso-hybrid/debian-live-10.0.0-amd64-gnome.iso) > > on Distrowatch was different from the one that the file had downloaded > from - ie. it had been redirected. That looked very suspicious so I > contacted Distrowatch who told me that they simply provide Debian links > provided by you and that it would be advisable to let you know there is > some irregularity. > > I have now downloaded a "live" version of Debian 10.0.0 from another > site and it boots and runs OK. > > The download behaviour may be OK, but is not at all usual. It could be > that the site has mixed the Debian files with other files that need > password protection, but it could also be malicious. > > I will leave it with you. > > Best wishes, and keep up your much appreciated effort. > > Rick > > -- Holger Wansing <hwans...@mailbox.org> PGP-Fingerprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076