Re: git-scm.com GUI client links

2018-11-13 Thread Jonathan Nieder 
+git@vger.kernel.org, git-secur...@googlegroups.com -> bcc
Paul J Sanchez wrote:
> On Nov 13, 2018, at 2:25 PM, Stefan Beller  wrote:

>> The link seems to be https://aurees.com/ ?
>>
>> They seem to have
>> https://aurees.com/legal/license-agreement
>> which is a hilarious read:
>>
>> You agree that each and every e-mail address, which You use during
>> registration or to commit changes into a Git repository, is
>> automatically sent to and stored by Nezaboodka for verification
>> purposes;
>> You agree with Nezaboodka's and their partners' advertising to be
>> shown by the Software and to be sent to Your registration e-mail;
>> You may neither disable nor block automatic updates of the Software;
>> You may neither disable nor block sending of anonymous usage
>> statistics to Nezaboodka;
>> You may download, install and any number of copies of the Software
>> registered under Free License;
>>
>> Further:
>>   The Agreement is a public agreement (offer) as defined by the law
>> of Republic of Belarus (article 396 of Civil Code of Republic of
>> Belarus). This Agreement is governed by the laws of Republic of
>> Belarus
>>
>> ... I did not know English is an official language in Belarus.
>
> I saw the link on git-scm.com.com.  You’re correct, the site is
> https://aurees.com.com/>.
>
> And no, I hadn’t yet gotten as far as the license-agreement.  Egad!
> Total show-stopper.
>
> After seeing the licensing terms, I’d agree with Sophos.  Software
> which harvests my e-mail addresses and usage data and has
> autoupdates which cannot be disabled or blocked qualifies as malware
> in my opinion.

Re: git-scm.com GUI client links

2018-11-13 Thread Jonathan Nieder 
+cc: git@vger.kernel.org, git-secur...@googlegroups.com -> bcc
Hi!

Paul J Sanchez wrote:

> Over the weekend I saw a link to a Mac git client I had not seen
> before:  Aurees.  When I went to the linked site to download a copy,
> my antivirus software (Sophos) warned me that it contains malware.
> I immediately threw it away without installing, but figured that
> git-scm.com  should be aware of this.

See https://groups.google.com/d/msg/msysgit/br212yYOZ70/bp5t4QpZk10J
for a similar symptom in the past.

See that thread for some advice on how to track this down.  Sadly,
my experience with antivirus software is that it is just not very
reliable.

That said, it's possible that this Mac Git client is indeed infected.
Can you point me to the page where you found it?  The git-scm.com web
site is maintained at https://github.com/git/git-scm.com; that page
has instructions for contributing to it.

Thanks and hope that helps,
Jonathan