[Very important] unpleasant news about standalone python programs on windows (i.e. our bzr.exe)

John Arbash Meinel john at arbash-meinel.com
Wed Aug 16 15:52:32 BST 2006

Alexander Belchenko wrote:
> Recently appears new Trojan horse for Windows that was written in Python
> and compiled to standalone executable with py2exe. Some antivirus
> software (at least AVG and Kaspersky) adding this kind of executable to
> their databases.
> Because I also create standalone bzr.exe with py2exe then we potentially
> could have false positive alarm from our users.
> For details see:
> http://www.voidspace.org.uk/python/weblog/arch_d7_2006_08_12.shtml#e432
> and mailing list of py2exe (thread named 'run_w.exe problems').
> -- 
> Alexander

Thanks for the warning.

By the way, are you able to sign your uploads. Something like:

gpg --detach-sign bzr-0.9.0-win32.exe

Should create a bzr-0.9.0-win32.exe.sig

Which would be nice to have on the download page. As it should prevent
people from uploading a bogus version of the installer.

By the way, are Attachments versioned in Moin? When I worked with it, it
seems you can delete what is there, and upload a new one (though you
can't upload over an existing one). But I don't see any way to get back
an older copy.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060816/af27e989/attachment.pgp 

More information about the bazaar mailing list