[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Suspicious Debian 10.0.0 download behaviour.



Dear Debian Admin,

when I tried to download Debian 10.0.0 via Distrowatch I was surprised to be asked for my admin password at the end of the download plus there was another window requesting something else.  I cancelled them both and could not find the downloaded file.

I initially contacted Distrowatch who suggested I send it on to debian-www@lists.debian.org who suggested it is more appropriate to send it on to you.   I hope this has found the right place this time.

The original download link from Distrowatch was:

(1) https://cdimage.debian.org/debian-cd/10.0.0-live/amd64/iso-hybrid/debian-live-10.0.0-amd64-gnome.iso

This redirected to the following Swedish site:

(2) https://caesar.ftp.acc.umu.se/debian-cd/10.0.0-live/amd64/iso-hybrid/debian-live-10.0.0-amd64-cinnamon.iso/

Because the password request is not what most of us expect, nor should it be, so you might like to look into it.  The download behaviour via Distrowatch may be OK, but it is unusual.  It could be that the site has the Debian files mixed with other files that need password protection, but it could also be malicious.

I hope this unusual behaviour does not put off any Debian users.

I have now downloaded a "live" version of Debian 10.0.0 from another site uneventfully and it boots and runs OK.

I will leave it with you.

You guys are doing a great job that is widely appreciated.  Best wishes.

Rick
 



Reply to: