Ditto is an extension to the Windows Clipboard. You copy something to the Clipboard and Ditto takes what you copied and stores it in a database to retrieve at a later time.
Having used it for years it is one of the first apps I install on any new computer.
Background:
I went a bit deep into this repo as I was searching for an arm64 version, or possibly an easy way to create one (didn't find it and local compilation also failed with something in SQLite3 c++ code).
While searching I came across secrets stored in appveyor.xml file which contains CHOCO_API_KEY and GITHUB_API_KEY.
Ehm... I have not tried it, but I would probably be able push a rogue binary to choco and likely also create a rogue release with custom uploaded binaries to github releases.
... and thereby infect everyone installing from those sources with whatever rogue stuff :( :(
Sourceforge + winget is likely still secure.
Can you please remove and also cycle these secrets? There are options to store secrets in github CI/CD parts, in Azure DevOps and likely also in appveyor - I think @sabrogden is the right one to poke on this.
(second/third: Can I humbly ask for arm64 be added to your build targets? My c++ skills are way too old to fix it correctly)
First of all, I LOVE DITTO!
Having used it for years it is one of the first apps I install on any new computer.
Background: I went a bit deep into this repo as I was searching for an arm64 version, or possibly an easy way to create one (didn't find it and local compilation also failed with something in SQLite3 c++ code).
While searching I came across secrets stored in appveyor.xml file which contains CHOCO_API_KEY and GITHUB_API_KEY.
Ehm... I have not tried it, but I would probably be able push a rogue binary to choco and likely also create a rogue release with custom uploaded binaries to github releases.
... and thereby infect everyone installing from those sources with whatever rogue stuff :( :(
Sourceforge + winget is likely still secure.
Can you please remove and also cycle these secrets? There are options to store secrets in github CI/CD parts, in Azure DevOps and likely also in appveyor - I think @sabrogden is the right one to poke on this.
(second/third: Can I humbly ask for arm64 be added to your build targets? My c++ skills are way too old to fix it correctly)