Hi, i wrote: > > Quite surely Debian does not put malware into its ISOs.
Steve McIntyre wrote: > No, *definitely* not. Well, as upstream programmer i could - intentionally or as victim of malware myself - be the culprit who sneaks malware into a Debian ISO. I try hard to keep my machines clean and my moral reputable, but in the end i do not dare to be more affirmative than "Quite surely". > I've raised a few tickets with Google Please notify bug 966538 about any progress. > We're wondering if it might just be a hash collision or something. If it's not weaker than MD5 then this is extremely unlikely without a systematic connection to malware classification. If some program binary was registered as malware by mistake, that would be such a connection. > It's difficult to tell with ~zero diagnostics. :-/ To my humble opinion, this obscure behavior should be reason enough to disable the malware check by default. My Debian 10 is only 6 days old and i did not install anything browser related after the netinst installation was done. So the checker came quite surely by default with the Firefox installation. (Currently the desktop is LXDE, if this matters. Switching to fvwm is still on my todo list ... after i learned how to keep the galaxy collision screensaver ...) Have a nice day :) Thomas