kicad-developers team mailing list archive

Thread
Date

Re: Warning about potentially malicious software

To: Seth Hillbrand <seth@xxxxxxxxxxxxx>
From: Nick Østergaard <oe.nick@xxxxxxxxx>
Date: Tue, 19 Oct 2021 22:44:06 +0200
Cc: KiCad Developers <kicad-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAFdeG-qKQCLCXgeUprxBe5Pr+RPAP-Pq-KBGzLY9iP+qCVpfKw@mail.gmail.com>

Wouldn't be appropriate to add the post as this to the blog on kicad.org as
well?

On Tue, 19 Oct 2021 at 22:30, Seth Hillbrand <seth@xxxxxxxxxxxxx> wrote:

> Hi Folks-
>
> As you know, the original KiCad domain name (kicad-pcb.org) was recently
> sold.  This happened without notification to the KiCad Project or members
> of the KiCad Development Team. This sale was unexpected and may pose a risk
> to KiCad users. The new owners may simply post advertisements or
> (worst-case scenario) they may host malicious versions of the KiCad
> software for download.
>
> # How did this happen?
>
> The domain name was originally registered in 2012 by the then project lead
> Dick Hollenbeck. As KiCad did not have a formal entity at the time, he
> registered it in his own name through his company SoftPLC. When the KiCad
> Project formally became registered under the Linux Foundation, we attempted
> to secure the rights to the original domain name from Dick without success.
>
> In the meantime, Digikey Corporation purchased the kicad.org domain name
> from squatters and donated it to the KiCad Project.  This is now our
> current domain name.
>
> # What is the KiCad Project doing now to protect its users?
>
> We are removing all links to the old domain name in the software for
> version 5.1.11 as well as 6.0. We are also contacting various sites that
> host content related to KiCad to update their links.
>
> # What can I do?
>
> Please do not contact Dick about this. He cannot undo the damage at this
> point.
>
> If you host KiCad videos on YouTube or content on a blog that has links to
> kicad-pcb.org, please update them to kicad.org as soon as possible. This
> will decrease the visibility of the old domain-name and limit the damage.
> You can also contact tech sites that post reviews of KiCad or otherwise
> have links to the old site and ask them to update their links.
>
> When installing KiCad, please always verify the installation signature.
> Starting with KiCad version 5.99, all installs are signed by KiCad Services
> Corporation.
>
> # What is KiCad doing to prevent this in the future?
>
> The current kicad.org domain name is not under control of a single
> person. We have built in safeguards to our transfer process. Additionally,
> all KiCad trademarks are registered to the Linux Foundation for the sole
> purpose of advancing open-source EDA software.
>
> We regret that this was done to the KiCad project and its users.
>
> --
> [image: KiCad Services Corporation Logo]
> Seth Hillbrand
> *Lead Developer*
> +1-530-302-5483‬
> Long Beach, CA
> www.kipro-pcb.com    info@xxxxxxxxxxxxx
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

Re: Warning about potentially malicious software
From: Reece R. Pollack, 2021-10-19

References

Warning about potentially malicious software
From: Seth Hillbrand, 2021-10-19