-
-
Notifications
You must be signed in to change notification settings - Fork 10.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Delete filezilla.rb #55583
Delete filezilla.rb #55583
Conversation
Filezilla seems to be a bit evil now: the official download contains now an installer that contains ad- and malware (https://download.filezilla-project.org/client/FileZilla_3.39.0_macosx-x86_setup_bundled.dmg) and the alternative download-link has a download-protection (https://filezilla-project.org/download.php?show_all=1) Here is an article to the 3.39.0 release: https://www.bleepingcomputer.com/news/security/filezillas-use-of-bundled-offers-sparks-outrage-from-users/
@Homebrew/cask Technically, we have a procedure for casks with malware, but this has also been given a ton of issues because their server is not playing nice. So far, I’m inclined to remove it. |
thanks for removing it. the last time ( #48874 (comment) ) i wanted to remove malware from HBC i was told the official policy is to keep it ( https://github.com/Homebrew/homebrew-cask/blob/master/doc/faq/apps_with_malware.md ) ;( |
@core-code You’re welcome, and thanks for bringing the case to our attention! |
I might wrong, but Actually, there are 2 version on their server. One is bundled version: One is clean version: The article just said:
So, can we add it back to the cask? (and passing param --http1.1 to curl to solve the issue #55692) Thanks. |
noone claimed that both versions are infected. one version is infected, the other version we had problems with the download protection. that said, i honestly am unsure why anyone would want to use software from people (even if this particular version is 'clean') if those people also make adware infected versions. they can just infect your supposedly clean version at will too, don't be naive about the technical possibilities. and the will to do 'harm' is obviously there. |
Agreed. Unless they’re bought by someone who vows to clean up their act, FileZilla is permanently soiled. Having a “clean” version does not excuse the “dirty” one, especially since they want users to “fall for” the bad one.
And to be fair, in that case that was the right decision because that specific software was not malware (not made by the same company). |
Pinging @Homebrew/cask just to let everyone know FileZilla should not be readded if someone submits it. |
There is no download protection, you can try or manually download at https://download.filezilla-project.org/client/
Know your concern. but for now, it's clean. |
@up9cloud Your workaround may work for downloading FileZilla, yes, but it may also have adverse effects on other casks (changing the command won’t affect just one cask). You likely haven’t tested for that. And it doesn’t really matter that they have clean and dirty versions. Their dirty version tries to hide it’s dirty, so it’s quite possible the clean version is also bad or will be in the future. And since I pinged all maintainers so they’re aware, if we keep up the discussion they’ll get spammed to no end. For that reason, I’m locking this particular issue. We may revisit this decision in the future if something changes, but for now it’s clear FileZilla should not be trusted. If you want it as a cask, consider hosting your own tap. |
Filezilla seems to be a bit evil now: the official download contains now an installer that contains ad- and malware (https://download.filezilla-project.org/client/FileZilla_3.39.0_macosx-x86_setup_bundled.dmg) and the alternative download-link has a download-protection (https://filezilla-project.org/download.php?show_all=1)
Here is an article to the 3.39.0 release:
https://www.bleepingcomputer.com/news/security/filezillas-use-of-bundled-offers-sparks-outrage-from-users/