install-tl.exe trojan
Norbert Preining
norbert at preining.info
Fri Jan 10 06:28:39 CET 2025
Hi Julian,
(please keep the list in Cc!)
> got it from https://mirror.ctan.org/systems/texlive/tlnet/install-tl-windows.exe via tug.org.
>
> not signed though.
It is signed, but not with signtool ;-)
There are files
install-tl-windows.exe.sha512
install-tl-windows.exe.sha512.asc
The first can be checked with
$ sha512sum -c install-tl-windows.exe.sha512
install-tl-windows.exe: OK
which compares the saved sha512 sum against the one computed from
install-tl-windows.exe.
Then you can check the authenticity of the .sha512 file with
(assuming you have our public key imported):
$ gpg --verify install-tl-windows.exe.sha512.asc
gpg: assuming signed data in 'install-tl-windows.exe.sha512'
gpg: Signature made Mon Jan 6 09:49:42 2025 JST
gpg: using RSA key D8F2F86057A857E42A88106A4CE1877E19438C70
gpg: Good signature from "TeX Live Distribution <tex-live at tug.org>" [full]
Primary key fingerprint: C78B 82D8 C795 12F7 9CC0 D7C8 0D5E 5D91 06BA B6BC
Subkey fingerprint: D8F2 F860 57A8 57E4 2A88 106A 4CE1 877E 1943 8C70
Best regards
Norbert
--
PREINING Norbert https://www.preining.info
arXiv / Cornell University + IFMGA Guide + TU Wien + TeX Live
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
More information about the tex-live
mailing list.