[Very important] unpleasant news about standalone python programs on windows (i.e. our bzr.exe)
John Arbash Meinel
john at arbash-meinel.com
Wed Aug 16 15:52:32 BST 2006
Alexander Belchenko wrote:
> Recently appears new Trojan horse for Windows that was written in Python
> and compiled to standalone executable with py2exe. Some antivirus
> software (at least AVG and Kaspersky) adding this kind of executable to
> their databases.
>
> Because I also create standalone bzr.exe with py2exe then we potentially
> could have false positive alarm from our users.
>
> For details see:
> http://www.voidspace.org.uk/python/weblog/arch_d7_2006_08_12.shtml#e432
>
> and mailing list of py2exe (thread named 'run_w.exe problems').
>
> --
> Alexander
Thanks for the warning.
By the way, are you able to sign your uploads. Something like:
gpg --detach-sign bzr-0.9.0-win32.exe
Should create a bzr-0.9.0-win32.exe.sig
Which would be nice to have on the download page. As it should prevent
people from uploading a bogus version of the installer.
By the way, are Attachments versioned in Moin? When I worked with it, it
seems you can delete what is there, and upload a new one (though you
can't upload over an existing one). But I don't see any way to get back
an older copy.
John
=:->
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060816/af27e989/attachment.pgp
More information about the bazaar
mailing list