Rockbox General > Rockbox General Discussion

Rockbox 1.2.10 Virus Found

<< < (3/3)

GodEater:
But signed by whom?

Rockbox the organisation has no PKI so far, and I'm not sure we've got the time to set one up.

bluebrother:

--- Quote from: GodEater on June 18, 2011, 03:02:37 AM ---But signed by whom?
--- End quote ---

Well, someone (f.e.: me when creating new binaries) could also create gpg signatures. But what's the point? Unless there is a web of trust around that includes my public key you'd need to trust my public key so there is no real benefit. And anyone could post modified binaries with signatures on some other place (like all those download sites, or worse somewhere else and those download sites picking up the wrong ones). And while I did the last releases it's not guaranteed or necessary that I'll be doing the next ones so you would need to trust someone else then.

There is really no sensible fix about antivirus programs reporting nonsense but fixing those antivirus programs. And anyone not trusting our binaries can build himself from the source. The provided  binaries are for convenience only anyway, especially on those platforms where it's uncommon to build stuff yourself.

dmoriarty:
3rd September 2011 and AVG 2011 free (Latest Update 03/09/2011 15:11 has detected a threat:

Win32.ArchAMS.iaps

It says it is "Not Virous: Hoax"

I wanted to state that this is still going on.  I have attached the warning from AVG.  I realise it is probably a false alarm, but several AV programs are reporting this.  I was going to download podcasts from my sisters, and was going to take RU on a USB stick so I could put voicefiles on the mp3 player after potcasts put on, however now I won't take RU with me, and will have non speaking entries on my mp3 player.  I realy don't want to introduce a (false alarm) virus alart to someone elses computer.  Luckily I can also see large fonts, so I can manage.

I have been downloading a lot of software receently and this is the first time this has hapened.

When is the next version comming out?

saratoga:

--- Quote from: dmoriarty on September 03, 2011, 10:59:45 AM ---When is the next version comming out?

--- End quote ---

Allow me to suggest something from the post above yours:


--- Quote from: bluebrother ---There is really no sensible fix about antivirus programs reporting nonsense but fixing those antivirus programs. And anyone not trusting our binaries can build himself from the source. The provided  binaries are for convenience only anyway, especially on those platforms where it's uncommon to build stuff yourself.
--- End quote ---

So basically, you have 3 options:

1)  Ignore your crappy AV software
2)  Wait and hope your AV software eventually fixes their bug
3)  Compile your own build from the source

bluebrother:

--- Quote from: dmoriarty on September 03, 2011, 10:59:45 AM ---It says it is "Not Virous: Hoax"
--- End quote ---

So it does not classify it as a virus but some program you might not want. Fortunately, people usually know better than software.


--- Quote ---When is the next version comming out?
--- End quote ---

What is that supposed to change about this issue?

Navigation

[0] Message Index

[*] Previous page