On Tue, Aug 04, 2020 at 09:24:47AM -0400, Lenore Horner wrote: > I was going to file a bug for gnucash 4.1 because even after a clean, > it fails to build, but when I clicked the github login button from the > macports page https://trac.macports.org/search?q=gnucash > <https://trac.macports.org/search?q=gnucash>, I got a warning from > Avast that the site contains malware and is a phishing scam. Or is > Avast being stupid?
Our GitHub login is a standard OAuth login mechanism. The code that implements this is the trac-github Trac plugin, which we are developing in conjunction with two people from the Trac community over at github.com/trac-hacks/trac-github. Specifically, the code that handles the login is https://github.com/trac-hacks/trac-github/blob/master/tracext/github/__init__.py#L158-L226 To my knowledge, none of that is malicious, and I have personally installed the plugin from this repository on trac.macports.org. I really think this is a false positive from Avast – however, you should report this to Avast so that they become aware of the problem and can adjust their filter mechanisms. -- Clemens
