I've had to remove all binary software downloads from my website because they are being falsely flagged. I wrote about the issue in more detail here: https://medium.com/@byuu_san/googles-monopoly-is-stifling-free-software-e63dea114f39
@byuu Thank you for sharing.
The wording in the feedback from Google is interesting, "Secure your site from any future attacks. Identify and fix vulnerabilities that caused your site to be compromised" - as if it is an absolute fact that your site was compromised when it's actually just Google mislabeling it. It would be interesting to know just how common it is for them to deem any "unknown" .exe file to be malware with zero checks to see if it actually is.
@byuu "we found a file on your server that was not commonly downloaded"
I guess I should just download it more times, then? What the fuck does that even mean as a warning? Is Google upset that you're not distributing pirated software from some popular company or something?
“If code signing is a requirement to distribute free software, then we need a Let’s Encrypt-style alternative for code signing— yesterday.” — @byuu
@byuu so all of your software is now non-binary? What are their pronouns xD
.......isn't the standard way to distribute FOSS binaries to make some kind of 3rd party apt repo?
that way you can automatically distribute updates, & i think for legitimacy you really only need to use gpg signing
(personally i'd probably just use a gitea repo's releases tab because it's a single place to upload the source & stable versions without fiddling with website code)
@valenoern This is just for Windows binaries, so no repository unfortunately.