On Tue, Jul 25, 2017 at 7:36 AM, Igor Forca <[email protected]> wrote: > Hi, > today on Vim nightly for Windows > https://github.com/vim/vim-win32-installer/releases/ > I tried to download gvim_8.0.0771_x64.zip so link is > https://github.com/vim/vim-win32-installer/releases/download/v8.0.0771/gvim_8.0.0771_x64.zip > > When clicking on above link web page URL is changed to > https://github-production-release-asset-2e65be.s3.amazonaws.com/50428480/1f20e306-70cd-11e7-8b18-27d2c2dca7a8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20170725%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170725T053509Z&X-Amz-Expires=300&X-Amz-Signature=a71f7054845a27fa8e7f3fe102514f19362f278e4773c3ce17a49d58ab81fa78&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dgvim_8.0.0771_x64.zip&response-content-type=application%2Foctet-stream > > and I get "Deceptive Site" red screen in Firefox 54 with full message: > > > > Deceptive Site! > > This web page at github-production-release-asset-2e65be.s3.amazonaws.com has > been reported as a deceptive site and has been blocked based on your security > preferences. > > Deceptive sites are designed to trick you into doing something dangerous, > like installing software, or revealing your personal information, like > passwords, phone numbers or credit cards. > > Entering any information on this web page may result in identity theft or > other fraud. > > > Is it fine to continue or is there really a security problem? > Regards
Well, of course github is a site which "tries to make you install software", but of course it is software that you want to get in the first place. Using either Firefox 56.0a1 or SeaMonkey 2.53a1 (both of which are "bleeding-edge nightlies" built from Mozilla's latest development source) I can download this zipfile with no alert dialog. The "source" of the download in the Download Manager is your github-production-release-asset- (etc.) URL. But I am on Linux64 so of course I cannot install the program to see if it works — or only in Wine which mightn't be "the real thing". Also, my security preferences are probably other than yours. In my SeaMonkey preferences, under "Privacy & Security", both "Safe Browsing" checkboxes are ticked, viz. "Block reported attack sites (malware, viruses)" and "Block reported web forgeries (Phishing)". In Firefox preferences, near the bottom of the "Privacy & Security" tab, all three of "Block dangerous and deceptive content", "Block dangerous downloads" and "Warn you about unwanted and uncommon software" are ticked. I suspect that you might be a victim of some Firefox bug, recently "fixed" in the 56.0a1 Nightly source but which wasn't yet fixed in Fx54 when it graduated from "beta" to "release" some weeks ago. This is only a guess, however, and you might want to search the Mozilla bug tracker, https://bugzilla.mozilla.org/ about recently fixed Firefox privacy & security bugs in order to make your own opinion about it. Best regards, Tony. -- -- You received this message from the "vim_use" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_use" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
