incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Draft blog post: Avoiding OpenOffice Download Scams
Date Mon, 30 Apr 2012 21:53:01 GMT
On Mon, Apr 30, 2012 at 2:57 PM, sebb <sebbaz@gmail.com> wrote:
> On 30 April 2012 19:41, Rob Weir <robweir@apache.org> wrote:
>> On Mon, Apr 30, 2012 at 2:27 PM, sebb <sebbaz@gmail.com> wrote:
>>> On 30 April 2012 19:10, Rob Weir <robweir@apache.org> wrote:
>>>> https://blogs.apache.org/preview/OOo/?previewEntry=draft_avoiding_openoffice_download_scams
>>>>
>>>> I know Louis and others have dealt with these things for longer.
>>>> Anything else I should mention?
>>>>
>>>> I considered adding a discussion of the importance of MD5 hashes,
>>>> etc., but that is not really the skill level of the end user who
>>>> downloads OpenOffice.
>>>>
>>>> I'm also cc'ing trademarks@ since it may be of interest to them and/or
>>>> they might have feedback.
>>>
>>> A few suggestions:
>>>
>>> The first paragraph should be quoted and / or in italic.
>>>
>>> s/the open source license/its open source license/ - there are several
>>> instances of this.
>>>
>>
>> Yes.
>>
>>> If the end-user is likely to find the concept of MD5 difficult, won't
>>> they also find it difficult to use the provided e-mail link?
>>>
>>
>> It is a hyperlink so in most cases it will just launch their email.
>
> Sorry, was not clear - I meant that they might have difficulty
> de-mangling the anti-spam measure.
>
> Maybe it would be better to direct them to a web-page that can give
> more information on reporting such problems.
> That page could be updated as necessary (e.g. when the e-mail address
> changes on graduation).
>
> Or the page could use plain-text mail links to temporary mail aliases
> that are rotated (would need to involve infra on that).
>
> Having a separate reporting page would be much more flexible; just
> make sure that its URL does not change (or a redirect is used).
>

Could do it via Bugzilla or JIRA as well, thought that does require
account creation.  But users tend to understand that this is a public
database and are more careful with what they put there.


>>> i.e. mailto:ooo-private-AT-incubator.apache-DOT-org
>>>
>>> Also, do such reports need to go to the private mailing list?
>>>
>>
>> It is for the user's safety.  Otherwise I can be sure we'll get their
>> home phone numbers and credit card numbers posted to the public list.
>> Remember, we're talking about the very end users who have already been
>> scammed once.  So we already know that they are not the most careful
>> web users.
>
> OK, understood.
>
>> Of course, we don't need to collect their reports if we don't want to.
>>  But they send them already.  This particular one was sent to our
>> security list.
>>
>> -Rob
>>>> -Rob

Mime
View raw message