G2: RoboFab repo has been taken over by someone

I don’t know how many people still use Glyphs 2, but we found recently the Install Modules button has stopped working and it shows this message:

It tries to fetch RoboFab from robofab-developers/robofab and the request had been redirected to robotools/robofab, at least up until February. Then it appears someone has taken the robofab-developers account over and replaced it with very random content, that’s why Glyphs 2 throws an error.

I’ve never thought such squatting happens in real life. It may lead to a serious security issue once it becomes a malicious repo. I don’t come up with a good solution and only G2 is affected, but I just wanted to let you know the current state. Thanks!

$ (cd "$HOME/Library/Application Support/Glyphs/Scripts" && curl -s -L 'https://github.com/robotools/robofab/archive/master.zip' | tar zxf - --strip-components 2 'robofab-master/Lib/robofab')

FYI the command line above will install RoboFab for G2 from the right location.

Thanks for reporting this. Glyphs will not install or update the repository. We will investigate offering robofab again through Glyphs 2 instead of requiring the current command-line workaround.

1 Like

Thank you for bringing that up. I actually managed to update Glyphs 2 to fix this.

1 Like

I confirmed it was fixed with 2.6.11. Thank you so much for your support and quickly addressing the issue!

You still should consider upgrading to Glyphs 3. I’m not sure how long I can keep Glyphs 2 running on newer versions of MacOS.