mirror of https://github.com/EDCD/EDMarketConnector.git synced 2025-04-22 11:50:28 +03:00

Troubleshooting: AV: We now build/release wholly on GitHub

Athanasius 2021-08-08 16:45:17 +01:00
parent 118e43c4b6
commit d0149720b4
No known key found for this signature in database
GPG Key ID: AE3E527847057C7D

@ -230,9 +230,18 @@ can sometimes report that either one of our installers (e.g.
EDMarketConnector_win_5.0.0.msi) or an executable therein is malicious in
some manner. This has invariably always been a false positive.
The .msi files we distribute are built either on a trusted developer's
machine, or on GitHub itself (but then downloaded to a developer's machine
in order to upload as part of the GitHub release process) using
Since release 5.1.3, the .msi files we distribute are built on GitHub itself,
and a draft of the release created directly there. This means that the
installer a user downloads has never been on a developer's machine since it
was built, so there is no opportunity for an infected developer's machine
to insert malware into it or the executable files it contains.
If you trust our source then the only way for malware to make it into our
installers or executables would be a supply chain attack affecting GitHub's
version of files, or the WinSparkle (update checker DLL we use)
distribution that we ask GitHub to download for us.
We convert our python source code into executables using
[py2exe](https://github.com/py2exe/py2exe/).
See discussion in [EDMC 5.0.0. Flagged at Malware by AVG Anti Virus #1058](https://github.com/EDCD/EDMarketConnector/issues/1058)
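Review bot: The new sentence "the only way for malware to make it into our installers or executables would be a supply chain attack affecting GitHub's version of files, or the WinSparkle ... distribution" leaves out py2exe, which the very next paragraph names as the tool that turns the Python source into the executables. That makes it a build input on the same footing as WinSparkle. Suggest naming py2exe alongside WinSparkle, together with any other third-party inputs the build pulls in, or softening "the only way" so the list is not read as exhaustive. "GitHub's version of files" is also vague: say whether it means the repository contents, the build environment, or both. Since the paragraph asks users to trust that the installer is unchanged since it was built, consider pointing them at something they can check, such as a hash published with each release.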