-
Notifications
You must be signed in to change notification settings - Fork 430
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
expat-win32bin-2.3.0.exe showing virus warnings #461
Comments
CC #376 Do you still have the link for the VirusTotal results? I sort of kept the installer alive so far for historic reasons. I wish I had a way of asking the user base if there is some need left for the installer. Probably not. In was thinking about dropping it myself already 🤔 |
PS: Do you mean in general in the future or also for 2.3.0 — the past — in particular? |
Do you still have the link for the VirusTotal results?
I sort of kept the installer alive so far for
historic reasons. I wish I had a way of asking
the user base if there is some need left for the
installer. Probably not. In was thinking about dropping it myself already �
Ideally, simpler instructions on how to build
from sources would be great - If not, perhaps if
you include the WIN32 binaries in ZIP format it
may not throw the virus warnings.
PS: Do you mean in general in the future or also
for 2.3.0 � tthe past � in particular?
In general, if the binaries were available in a
ZIP format it might avoid the virus warnings
(unless the warnings are coming from the binary files themselves).
|
...regarding last point, for 2.3.0 would be appreciated.
Do you still have the link for the VirusTotal results?
I sort of kept the installer alive so far for
historic reasons. I wish I had a way of asking
the user base if there is some need left for the
installer. Probably not. In was thinking about dropping it myself already �
Ideally, simpler instructions on how to build
from sources would be great - If not, perhaps if
you include the WIN32 binaries in ZIP format it
may not throw the virus warnings.
PS: Do you mean in general in the future or also
for 2.3.0 � tthe past � in particular?
In general, if the binaries were available in a
ZIP format it might avoid the virus warnings
(unless the warnings are coming from the binary files themselves).
|
Okay, done. I have attached a new file expat-win32bin-2.3.0.zip to release 2.3.0 on GitHub for download just now. # cd "$(mktemp -d)"
# wget https://github.com/libexpat/libexpat/releases/download/R_2_3_0/expat-win32bin-2.3.0.exe
# sha256sum expat-win32bin-2.3.0.exe
6493ffe620c6661f970f706155418c656bd147a33a5a620903b34796e914e4da expat-win32bin-2.3.0.exe
# innoextract -e expat-win32bin-2.3.0.exe
# ( cd app && zip -9 -r ../expat-win32bin-2.3.0.zip . )
# sha256sum expat-win32bin-2.3.0.zip
37f6f65c905c5ebe3dc7a607300610c8499962ff972bbc0f1f0d952317ec2877 expat-win32bin-2.3.0.zip Thanks for the link!
Is this about native compilation on a Windows terminal with Visual Studio, msbuild and CMake available? Please help me understand your scenario better. Thanks!
That's a good point. Unless the AI changes its mind again in the future (like we had with #376 earlier), VirusTotal likes the zip file better, it seems: |
PS: I have added the new zip to SourceForge as well now and made it the default download for Windows. I have some hope that as a result the installer downloads will go down to zero OR reveal that people keep doing explicit manual downloads of the installer. Let's see. |
PS: I have
<https://sourceforge.net/projects/expat/files/expat_win32/2.3.0/>added
the new zip to SourceForge as well now and made it the default
download for Windows. I have some hope that as a result the
installer downloads will go down to zero OR reveal that people keep
doing explicit manual downloads of the installer. Let's see.
I have attached a new file
<https://github.com/libexpat/libexpat/releases/download/R_2_3_0/expat-win32bin-2.3.0.zip>expat-win32bin-2.3.0.zip
to
<https://github.com/libexpat/libexpat/releases/tag/R_2_3_0>release
2.3.0 on GitHub for download just now.
For its creation, this is what I did on my Linux box:
That works - No more warnings... and easy to use... Thanks! :-)
Ideally, simpler instructions on how to build from sources would be great
Is this about native compilation on a Windows terminal with Visual
Studio, msbuild and CMake available? Please help me understand your
scenario better. Thanks!
I use Windows with Visual Studio and nmake or gnumake
|
PS: I have
<https://sourceforge.net/projects/expat/files/expat_win32/2.3.0/>added
the new zip to SourceForge as well now and made it the default
download for Windows. I have some hope that as a result the
installer downloads will go down to zero OR reveal that people keep
doing explicit manual downloads of the installer. Let's see.
Not a fair test since people will usually select the option with the
most downloads and the EXE is way ahead of the ZIP - For a true test,
you need to start both the EXE and ZIP with 0 downloads each.
|
The zip is the default download on SourceForge now so only people how crawl into the file tree to manually pick the exe will get it: Numbers will not have an impact before you crawled down to that folder. So if the exe does not go down to zero that would say something as the system is largely in favor of the zip now.
I guess you would need CMake generator "NMake Makefiles" or "MinGW Makefiles" then. |
I guess you would need CMake generator "NMake Makefiles" or "MinGW
Makefiles" then.
Is this about building Expat in isolation or as one piece of a tree
of CMake projects?
Have you figured how to build Expat by now or is it about being able
to build (and not "just" about extending documentation)?
I am fine working with the (clean!) ZIP file. I was just letting you
know that (IMO) the build process could be simplified/automated a bit
more for those that want to build from source.
|
I was hoping to learn more about what would be needed there because I don't really know. Personally, I try to trust as few binaries as possible so if I can help more people to move from binaries to sources that would be good in my view. |
Sure, I am happy to work with you if that would
help the project. Perhaps we should take this
off-line to private email? Feel free to contact
me directly and we can work through this.
At 4/14/2021 09:19 AM, you wrote:
…I am fine working with the (clean!) ZIP file. I
was just letting you know that (IMO) the build
process could be simplified/automated a bit more
for those that want to build from source.
I was hoping to learn more about what would be
needed there because I don't really know.
Personally, I try to trust as few binaries as
possible so if I can help more people to move
from binaries to sources that would be good in my view.
You are receiving this because you authored the thread.
Reply to this email directly,
<#461 (comment)>view
it on GitHub, or
<https://github.com/notifications/unsubscribe-auth/ALY66P3IIIU5OL35YE5EQ7TTIWI7LANCNFSM424ERKFQ>unsubscribe.
|
Sounds good but I don't have your e-mail address and it doesn't seem public on GitHub. Can you drop me a oneliner to my e-mail? It's on my profile page. Thanks! |
I sent you private email - Let me know (here) if you don't receive it.
At 4/14/2021 09:34 AM, you wrote:
…Sure, I am happy to work with you if that would
help the project. Perhaps we should take this
off-line to private email? Feel free to contact
me directly and we can work through this.
Sounds good but I don't have your e-mail address
and it doesn't seem public on GitHub. Can you
drop me a oneliner to my e-mail? It's on my profile page. Thanks!
You are receiving this because you authored the thread.
Reply to this email directly,
<#461 (comment)>view
it on GitHub, or
<https://github.com/notifications/unsubscribe-auth/ALY66P6P6FFCKUF5BVBRRUDTIWKV5ANCNFSM424ERKFQ>unsubscribe.
|
Got your mail and will reply soon, thanks! I'll close the ticket here for now: We can make a new ticket when it's clear that the installer is going to go away about installer removal, easily. If you'd rather have the ticket re-open, just let me know. |
expat-win32bin-2.3.0.exe is showing virus warnings in VirusTotal.
I previously reported this for the 2.2.9 exe.
Any chance you can post the WIN32 binaries as a ZIP file instead of an EXE?
The text was updated successfully, but these errors were encountered: