Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove abandoned skii.rb #6570

Merged
merged 1 commit into from
Oct 9, 2014
Merged

remove abandoned skii.rb #6570

merged 1 commit into from
Oct 9, 2014

Conversation

rolandwalker
Copy link
Contributor

  • Original homepage (http://www.awesome-studio.tk/) taken over by squatters.
    I get various redirections, including one which generated a malware warning.
  • The url points to an anonymous cloud.app user.
  • The macupdate page referenced as homepage points to the same cloud.app
    download.

It seems that nobody is vouching for this binary. Historical awesome-studio.tk
is also blocked from the Wayback Machine. We have no information about the
provenance of this app, and should not include it.

@rolandwalker
remove abandoned skii.rb
885c9fe 
* Original homepage (http://www.awesome-studio.tk/) taken over by squatters.
  I get various redirections, including one which generated a malware warning.
* The `url` points to an anonymous cloud.app user.
* The macupdate page referenced as `homepage` points to the same cloud.app
  download.

It seems that nobody is vouching for this binary.  Historical awesome-studio.tk
is also blocked from the Wayback Machine.  We have no information about the
provenance of this app, and should not include it.
tapeinosyne pushed a commit that referenced this pull request Oct 9, 2014
Merge pull request #6570 from rolandwalker/remove_skii
1304359 
remove abandoned skii.rb
@tapeinosyne tapeinosyne merged commit 1304359 into Homebrew:master Oct 9, 2014
@rolandwalker rolandwalker deleted the remove_skii branch October 9, 2014 13:14
@tapeinosyne
Copy link
Contributor

@vitorgalvao, you might want to read this, as it pertains our general inclusion policy. (The fast merge was made in the interest of user safety.)

@vitorgalvao
Copy link
Member

I did, @ndr-qef (thank you for the ping), and agree. I’ve only checked that it wasn’t crashing and admittedly forgot to check the links.

MacUpdate does host a link to it, though. Should we trust that one?

@rolandwalker
Copy link
Contributor Author

Going further to cc all @caskroom/maintainers .

@ndr-qef said in IRC that this Cask is "effectively malicious", which seems right. This would be a good way to disguise an attack.

@vitorgalvao the macupdate link is just a redirect to the cl.ly url in the deleted Cask. I take that to mean that macupdate does not stand behind this binary, and even if so, they are not the author and have not read the source.

@rolandwalker rolandwalker mentioned this pull request Oct 9, 2014
Closed
14 tasks
This was referenced Dec 5, 2014
Closed
Closed
@rolandwalker rolandwalker mentioned this pull request Dec 19, 2014
Closed
@Homebrew Homebrew locked and limited conversation to collaborators May 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rolandwalker @tapeinosyne @vitorgalvao