Am 24.02.20 um 19:54 schrieb Jeff Sadowski:
As soon as chrome finishes the download I get a message: dangerous, so Chrome has blocked it. message on the downloaded file. I have not gotten this in the past.
Maybe your site has been hacked?
No. This is Chrome trying to be smart, but actually being stupid.
It will probably just take some time/number of downloads to get whitelisted - The current release is just over a week old, so obviously the download numbers are low and it will trigger the "low number of downloads, possibly malicious" heuristics of some Antivirus products/Browsers. The previous stable version doesn't generate such a warning for me - due to its age.
The proper way, if you're using an Antivirus or a Browser that complains about X2GoClient, would be to escalate the issue with the manufacturer of the Antivirus/of the Browser, reporting it as a false positive. The more reports they get, the more likely it is that they will whitelist it sooner.
Is there a md5 or sha1 hash that I can use that has a gpg signing that I can trust came from the developers? I've seen this with other open source software.
My guess is that you are referring to the Windows installer, as the Linux packages are signed in a way that the package management software can verify their integrity automatically.
The current release can be found here: <https://code.x2go.org/releases/binary-win32/x2goclient/releases/4.1.2.2-2020.02.13/x2goclient-4.1.2.2-2020.02.13-setup.exe>
If you remove the actual filename ("x2goclient-4.1.2.2-2020.02.13-setup.exe") from that URL, you will end up in the directory, where you can find MD5, SHA1, and SHA256 hashes and an ASC file with the gpg signature.
Kind Regards, Stefan Baur
-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243