-
-
Notifications
You must be signed in to change notification settings - Fork 335
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
This site ahead may contain harmful programs #667
Comments
Thanks for letting us know! 🙏 Could you please share the steps to reproduce? FWIW just tried googling Miniforge, clicking different links, and performing downloads of Miniforge on Safari, Chrome, and Firefox without seeing the issue. Am having a hard time getting the error so need some more pointers on how |
to me, it happens when I get to the specific link in the screenshot |
for me it was downloading the arm installer from this table https://github.com/conda-forge/miniforge?tab=readme-ov-file#miniforge3 I was on really slow hotel wifi that is open access, no auth. that might have had something to do with it? |
Interesting thanks! 🙏 Am able to reproduce in Google Chrome when going here: https://github.com/conda-forge/miniforge?tab=readme-ov-file Note that dropping the parameter does not cause the issue: https://github.com/conda-forge/miniforge Searching for more info about why Chrome is flagging this URL leads to this Google Support answer with recommended next steps cc @conda-forge/core |
The warning is still active and can be reproduced. |
Do the links at https://conda-forge.org/download/ raise any warnings? |
I tried all six links and the downloads went through |
I'm still having this issue. How Can I verify that the download is safe (miniforge for apple silicone)? |
Here's a tad more info from the Google Safe Browsing site (e.g. when the last scan was made): |
I checked guidelines and everything but we can't pin point at what exactly is triggering the warning. There are a bunch of links to shell scripts (installers), so maybe the don't like this. We could ask for a review through their Search Console (or whatever the name is), but that requires ownership of the "website". Since this a Github repo, we can't do that. The only alternative I can think of is putting the README contents in https://conda-forge.org/download (or a more specific page like WDYT @conda-forge/core? |
Go for it! |
I brought this up in the core meeting and yes, looks like we have no other choice. |
The error still shows up despite the new README without direct links, and https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fgithub.com%2Fconda-forge%2Fminiforge%3Ftab%3Dreadme-ov-file says it was updated today. Let's give it a couple days more for now... |
On our main webpage, we have a Do we want to keep that or change that? |
I would strongly suggest reaching out GitHub support with this, given that this relates to a github.com site and conda-forge is a Microsoft supported project. I would be shocked if the "Install unwanted or malicious software on visitors’ computers" warning is just the linking of the .sh files, given that plenty of other READMEs contain such information and links. My guess is this is an erroneous report to Google Safe Browsing initiative. The main problem though is that requesting a review (https://web.dev/articles/request-a-review) is only possible with that site ownership, which we can't achieve in this case. EDIT: Oh in fact there is an option on https://web.dev/articles/request-a-review:
|
This is for phishing reports, not malicious software, I'm afraid.
Well spotted, let me add a PR! |
We seem to still be getting reports. Should we do something more here? Wonder if we should replace this table with a link back to our own download webpage |
I guess we'll need to move all the relevant README content there at this point. Not sure why it complains when we are not linking to any SH files directly anymore and it shouldn't pick up the code blocks. |
Just realized that maybe the reason we are (STILL!) being flagged is because of the https://conda-forge.org/miniforge minisite linked in the sidebar. I changed that now, let's see what happens |
Comment:
What????
The text was updated successfully, but these errors were encountered: