Has LyX Been Hacked?

Pavel Sanda sanda at lyx.org
Tue Jan 31 13:54:37 UTC 2023


On Tue, Jan 31, 2023 at 11:53:12PM +1300, Paul Kiwi wrote:
> >
> > Can you at least give us your sumcheck of the file you downloaded?
> >
> 
> MD5 checksum:
> 
> c05861976d18d29b0a04792c8b2e844d
> 
> SHA256 checksum:
> 
> 091cd793c21cb24a87a52c6622f7dfe0a6921f0912847ae06eea33a367ff92da

Both are correct.

So neither on the server nor on the way to your computer anything changed.

Remaining are two options:
1) False positive from VirusTotal.
2) Developer's machine creating the windows installer got infected so
   the binary is infected from the very begining.

Given that we get regularly get various false positives I tend to think
this is again the case for 1. However if you are still concerned you can 
a) wait for some time whether other security vendors detect the threat
b) compile current version on your own from the source code (might be
   daunting at windows)
c) download older versions of LyX which are not flagged by VirusTotal on
   your machine

Pavel


More information about the lyx-users mailing list