← Back to team overview

kicad-developers team mailing list archive

Re: Warning about potentially malicious software


Wouldn't be appropriate to add the post as this to the blog on kicad.org as

On Tue, 19 Oct 2021 at 22:30, Seth Hillbrand <seth@xxxxxxxxxxxxx> wrote:

> Hi Folks-
> As you know, the original KiCad domain name (kicad-pcb.org) was recently
> sold.  This happened without notification to the KiCad Project or members
> of the KiCad Development Team. This sale was unexpected and may pose a risk
> to KiCad users. The new owners may simply post advertisements or
> (worst-case scenario) they may host malicious versions of the KiCad
> software for download.
> # How did this happen?
> The domain name was originally registered in 2012 by the then project lead
> Dick Hollenbeck. As KiCad did not have a formal entity at the time, he
> registered it in his own name through his company SoftPLC. When the KiCad
> Project formally became registered under the Linux Foundation, we attempted
> to secure the rights to the original domain name from Dick without success.
> In the meantime, Digikey Corporation purchased the kicad.org domain name
> from squatters and donated it to the KiCad Project.  This is now our
> current domain name.
> # What is the KiCad Project doing now to protect its users?
> We are removing all links to the old domain name in the software for
> version 5.1.11 as well as 6.0. We are also contacting various sites that
> host content related to KiCad to update their links.
> # What can I do?
> Please do not contact Dick about this. He cannot undo the damage at this
> point.
> If you host KiCad videos on YouTube or content on a blog that has links to
> kicad-pcb.org, please update them to kicad.org as soon as possible. This
> will decrease the visibility of the old domain-name and limit the damage.
> You can also contact tech sites that post reviews of KiCad or otherwise
> have links to the old site and ask them to update their links.
> When installing KiCad, please always verify the installation signature.
> Starting with KiCad version 5.99, all installs are signed by KiCad Services
> Corporation.
> # What is KiCad doing to prevent this in the future?
> The current kicad.org domain name is not under control of a single
> person. We have built in safeguards to our transfer process. Additionally,
> all KiCad trademarks are registered to the Linux Foundation for the sole
> purpose of advancing open-source EDA software.
> We regret that this was done to the KiCad project and its users.
> --
> [image: KiCad Services Corporation Logo]
> Seth Hillbrand
> *Lead Developer*
> +1-530-302-5483‬
> Long Beach, CA
> www.kipro-pcb.com    info@xxxxxxxxxxxxx
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp

Follow ups