Avast blocks Neon images • KDE Community Forums

This forum has been archived. All content is frozen. Please use KDE Discuss instead.

Board index

Avast blocks Neon images

Page 2 of 2 (24 posts)

Previous • 1, 2

Tags:

raddison Registered Member Posts 515 Karma 0	Re: Avast blocks Neon images Tue Jan 24, 2017 10:08 am scummos wrote: raddison wrote:Agreed. However, some Windows users (and wannabe Neon users) can't use that method without a third party app. And that app is more of a headache than anything else. I think a SHA256 would be beneficial if hosted on a Ubuntu secure server and would practically cure my headache. I think the problem is that the KDE mirror network can't use SSL, because SSL doesn't work well with distributed mirror networks, and thus providing SHA sums is not very useful ... GPG signatures, on the other hand, rely on a different path for verification of the key trust, and thus are useful even if both image and signature come from an unreliable source. I guess people should consider distributing checksums with their release announcements, be it by email or blog. The gpg method is just fine if one is on Linux. If one is (still) on Windows, it's a headache. A SHA256 posted by the builder on this very forum should do the job just fine. Just an example though. A double blind method is recommended when "visting" a checksum. False positives are likely to occur quite frequently. It's just that it never happened to me before (at least not in conjunction with Neon). https://youtu.be/6WuTNMleuQI Best wishes community, Richard Addison Proud to be powered by Plasma
scummos Global Moderator Posts 1175 Karma 7 OS	Re: Avast blocks Neon images Tue Jan 24, 2017 9:22 pm raddison wrote:False positives are likely to occur quite frequently. False positives occur frequently because, frankly, heuristic antivirus software is complete nonsense. I'm working on the KDevelop IDE.
compatico Registered Member Posts 106 Karma 0 OS	Re: Avast blocks Neon images Wed Jan 25, 2017 5:06 am scummos wrote:False positives occur frequently because, frankly, heuristic antivirus software is complete nonsense. Good answer! When I used Windows, I always disabled antivirus heuristics...it would trigger false positives and not catch all sorts of new junk out there. Since switching to linux, no more worries.
nalvarez KDE Developer Posts 8 Karma 0 OS	Re: Avast blocks Neon images Wed Jan 25, 2017 6:22 am scummos wrote:I think the problem is that the KDE mirror network can't use SSL, because SSL doesn't work well with distributed mirror networks, and thus providing SHA sums is not very useful ... GPG signatures, on the other hand, rely on a different path for verification of the key trust, and thus are useful even if both image and signature come from an unreliable source. We're actually considering SSL. The important factor here is: will modern browsers complain if files.kde.org with SSL redirects to a mirror without SSL?
raddison Registered Member Posts 515 Karma 0	Re: Avast blocks Neon images Wed Jan 25, 2017 10:06 am scummos wrote: raddison wrote:False positives are likely to occur quite frequently. False positives occur frequently because, frankly, heuristic antivirus software is complete nonsense. Hi, I agree on the fact that heuristics is nonsense. Moreover, I think the very concept of "antivirus" is obsolete (any platform). Some people are working on implementing other concepts. Not there yet though. It seems Avast have solved their issue but chances are it'll come back. At any rate, can someone confirme they don't detect anything malicious in the images? Best wishes community, Richard Addison Last edited by raddison on Fri Jan 27, 2017 5:12 pm, edited 1 time in total. Proud to be powered by Plasma
raddison Registered Member Posts 515 Karma 0	Re: Avast blocks Neon images Thu Jan 26, 2017 7:09 pm Hi guys, Me again New images have been released today. I expect Avast won't find false positives again. Shall see. Either way, I consider the matter closed. Thank you all for your support. Best wishes community, Richard Addison Proud to be powered by Plasma
raddison Registered Member Posts 515 Karma 0	Re: Avast blocks Neon images Tue May 23, 2017 4:19 pm GPG signatures, on the other hand, rely on a different path for verification of the key trust, and thus are useful even if both image and signature come from an unreliable source. @Scummos Body, most would say that I'm not dumb but I still don't understand how to perform a GPG check. I have the .iso and the .sig in the same folder. I know where's the Ubuntu keyserver but other than that I'm clueless. I've checksummed the images (and the re-imaged install disk too ) and everything is fine BUT I want GPG as well. Could you give me some guidance, please? Much appreciated in advance. Proud to be powered by Plasma
scummos Global Moderator Posts 1175 Karma 7 OS	Re: Avast blocks Neon images Wed May 24, 2017 7:08 am Try this: gpg --recv-keys <the long fingerprint ID the image is signed with> gpg --verify foo.sig (or foo.asc) I'm working on the KDevelop IDE.
raddison Registered Member Posts 515 Karma 0	Re: Avast blocks Neon images Wed May 24, 2017 8:08 pm @scummos Thank you. Proud to be powered by Plasma

Page 2 of 2 (24 posts)

Previous • 1, 2

Bookmarks

Who is online

Registered users: Bing [Bot], blue_bullet, Google [Bot], rockscient, Yahoo [Bot]