On 12/06/2016 02:41 PM, Cris Fuhrman wrote: > It's good to be paranoid. I suspected a virus, too, weeks ago when > 2.2.2 was released (my Microsoft anti-virus even deleted the download > before I could run it!). However, VirusTotal shows that a minority of > the virus detectors see a Trojan in the installer exes distributed for > LyX, but most do not: > > https://www.virustotal.com/en/file/f6a843b13bcbbcf7e7ae6cba3842f55b73d0327834e55fd47ec2a7314975ebd0/analysis/ > > Also, when I check the signatures with "gpg" (using a git bash in > Windows 10), I see "Good signature" (my emphasis below):
Just to emphasize a point made earlier: This verifies that the file is the same as the one that *I* uploaded. Uwe does not sign the binaries he sends me, so I have no way to verify that they are the same as the ones he produced. If you know how to set up signing, etc, on Windows, perhaps you could help Uwe get that set up on his machine? If so, perhaps you could email him at uwesto...@lyx.org and cc me and we can try to sort this out? Richard
