Mailing-List: contact ooo-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: ooo-dev@incubator.apache.org
Received-SPF: pass (google.com: domain of robweir@apache.org designates
 10.52.173.79 as permitted sender) client-ip=10.52.173.79;
MIME-Version: 1.0
In-Reply-To: <000301ccfa59$2583a6c0$708af440$@acm.org>
References: <007e01ccfa40$44f80e60$cee82b20$@acm.org>
	<CAP-ksogC+Q9WMezxje97ELdBGyGEmVzZMENzw8Xua+VMr_2tgg@mail.gmail.com>
	<00b601ccfa4c$622ff3b0$268fdb10$@acm.org>
	<CAP-ksojjs8aWUqv9b0haBY=Kyt6hOxqtOyubaaXoMa2o7DsO0g@mail.gmail.com>
	<000301ccfa59$2583a6c0$708af440$@acm.org>
Date: Sun, 4 Mar 2012 18:03:00 -0500
Message-ID: 
 <CAP-ksog15UQ2JfH1_5wmE1Mq_sO=6uO8cqbE684y-54Tx3Uykg@mail.gmail.com>
Subject: Re: Signing DLLs EXEs and Copyright Notices (was RE: Symantec
 WS.Reputation.1 Errors: What we can do)
From: Rob Weir <robweir@apache.org>
To: ooo-dev@incubator.apache.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sun, Mar 4, 2012 at 5:50 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> Gee Rob, my e-mail client shows a different, appropriate subject to the p=
resent thread.
>
> The branch had to do with understanding the difference between "reputatio=
nal" warnings and actual malware detections (and false positives), and the =
variety of ways these things occur. =C2=A0It makes need for clarification o=
f the specific situation rather important. =C2=A0The signed EXE case comes =
up in regard to warnings on attempt to execute using the Windows OS. =C2=A0=
I suspect that the non-Windows developers might want to appreciate that.
>

OK.  If it clarifies things for you, then great.  I, probably
erroneously, assumed the distinction would be obvious to everyone.
It is pretty standard these days for install instructions to tell the
user to ignore these Windows warnings. We can add it to the install
instructions.  If there are special warnings that show up in less used
browsers like I.E. 9, we can add mention of those as well. But I'm
more interested in AV or OS behavior that is more severe, that would
-- perhaps in a managed desktop environment -- prevent someone from
installing AOO at all.

-Rob

> =C2=A0- Dennis
>
> -----Original Message-----
> From: Rob Weir [mailto:robweir@apache.org]
> Sent: Sunday, March 04, 2012 14:19
> To: ooo-dev@incubator.apache.org
> Subject: Re: Signing DLLs EXEs and Copyright Notices (was RE: Symantec WS=
.Reputation.1 Errors: What we can do)
>
> On Sun, Mar 4, 2012 at 4:18 PM, Dennis E. Hamilton
> <dennis.hamilton@acm.org> wrote:
>> Just to be clear, further, the reputation warning on my Windows configur=
ation is neither from the Windows Installer nor the AV that I have installe=
d. =C2=A0It is the file downloader that is part of Internet Explorer 9. =C2=
=A0Later, there is a Windows OS warning on attempted execution of the downl=
oad. =C2=A0That is based on detection that the file to be executed is from =
an unknown source (not signed) and has been downloaded from the Internet. =
=C2=A0Neither of these are AV or installer behaviors, although the IE9 down=
loader does provide a "security scan" of downloads. =C2=A0I've never seen a=
nything from it other than a reputation warning, though.
>>
>
> That's fine, Dennis. =C2=A0No one ever said your AV was an issue. =C2=A0T=
he only
> thing I've been talking about in the Symantec errors that some testers
> were reporting. =C2=A0That problem does exist, for the reasons I've state=
d
> and with the solutions I've already given. =C2=A0I have no idea why you'v=
e
> hijacked the thread to give elaborate details about how you are *not*
> having a similar problem with an entirely different AV product. =C2=A0It =
is
> irrelevant. =C2=A0Let's all save time and list traffic by only reporting
> issues that exist, not ones that don't exist.
>
> -Rob
>