The original KiCad domain name (kicad - pcb.org) was recently sold to an unnamed third party that is not affiliated with the KiCad Project or members of the KiCad Development Team. This sale was unexpected and may pose a risk to KiCad users. The new owners may simply post advertisements or (worst-case scenario) they may host malicious versions of the KiCad software for download.
How did this happen?
The domain name was originally registered in 2012 by the then project lead Dick Hollenbeck. As KiCad did not have a formal entity at the time, he registered it in his own name through his company SoftPLC. When the KiCad Project formally became a registered project under the Linux Foundation, we attempted to secure the rights to the original domain name from Dick without success.
We are removing all links to the old domain name in the software for version 5.1.11 as well as 6.0. We are also contacting various sites that host content related to KiCad to update their links.
What can I do?
Please do not contact Dick about this. He cannot undo the damage at this point. If you host KiCad videos on YouTube or content on a blog that has links to kicad - pcb.org, please update them to kicad.org as soon as possible. This will decrease the visibility of the old domain-name and limit the damage. You can also contact tech sites that post reviews of KiCad or otherwise have links to the old site and ask them to update their links.
When installing KiCad, please always verify the installation signature. Starting with KiCad version 5.99, all installs are signed by KiCad Services Corporation.
What is KiCad doing to prevent this in the future?
The current kicad.org domain name is not under control of a single person. We have built in safeguards to our transfer process. Additionally, all KiCad trademarks are registered to the Linux Foundation for the sole purpose of advancing open-source EDA software.
I contacted Chris to see about updating existing links in the forum to the new website. Hopefully between that and our outreach, we can remove the majority of possible routes
Hopefully I will have lots more time in the very near future. One thing I’d like to do is set up a ‘sandbox box’. It would come in handy for keeping an eye on such things. At minimum if it goes rogue it could be reported and taken down. Maybe also watching for claimed or implied ties to the software would be good.
Only if there is something malicious posted there. Right now it is parked with ads. After purchasing the domain name, a new owner needs to wait 30 days before moving to a different provider.
The best way to fix this is to remove all links to the old address. We are in the process of doing this. Everyone can help by updating the various bits they find around the internet. Update wikis, notify tutorial generators, etc
For some reason, I did a search which showed a limited number of posts (was only showing the FAQs). That was indeed not the entirety of the links. I have another method I’ll be doing instead.
I have created an issue for uBlock Origin plugin: issue in github
After the uBlock Origin team add the old website to their badware list, the users of this plugin will be prevented to access to the website if any residual link to the old domain name exists.
This feature save me some days ago with lubuntu, so, I hope this help some KiCad users.
It would come in handy for keeping an eye on such things. At minimum if it goes rogue it could be reported and taken down. Maybe also watching for claimed or implied ties to the software would be good.
