incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Draft blog post: Avoiding OpenOffice Download Scams
Date Mon, 30 Apr 2012 21:56:07 GMT
On Mon, Apr 30, 2012 at 3:52 PM, Louis Suárez-Potts <luispo@gmail.com> wrote:
> Hi
> On 2012-04-30, at 15:17 , Marcus (OOo) wrote:
>
>> Am 04/30/2012 08:57 PM, schrieb sebb:
>>> On 30 April 2012 19:41, Rob Weir<robweir@apache.org>  wrote:
>>>> On Mon, Apr 30, 2012 at 2:27 PM, sebb<sebbaz@gmail.com>  wrote:
>>>>> On 30 April 2012 19:10, Rob Weir<robweir@apache.org>  wrote:
>>>>>> https://blogs.apache.org/preview/OOo/?previewEntry=draft_avoiding_openoffice_download_scams
>>>>>>
>>>>>> I know Louis and others have dealt with these things for longer.
>>>>>> Anything else I should mention?
>>>>>>
>>>>>> I considered adding a discussion of the importance of MD5 hashes,
>>>>>> etc., but that is not really the skill level of the end user who
>>>>>> downloads OpenOffice.
>>>>>>
>>>>>> I'm also cc'ing trademarks@ since it may be of interest to them and/or
>>>>>> they might have feedback.
>>>>>
>>>>> A few suggestions:
>>>>>
>>>>> The first paragraph should be quoted and / or in italic.
>>>>>
>>>>> s/the open source license/its open source license/ - there are several
>>>>> instances of this.
>>>>>
>>>>
>>>> Yes.
>>>>
>>>>> If the end-user is likely to find the concept of MD5 difficult, won't
>>>>> they also find it difficult to use the provided e-mail link?
>>>>>
>>>>
>>>> It is a hyperlink so in most cases it will just launch their email.
>>>
>>> Sorry, was not clear - I meant that they might have difficulty
>>> de-mangling the anti-spam measure.
>>>
>>> Maybe it would be better to direct them to a web-page that can give
>>> more information on reporting such problems.
>>> That page could be updated as necessary (e.g. when the e-mail address
>>> changes on graduation).
>>
>> The German community of the old OOo project has written something very similar:
>>
>> http://www.openoffice.org/de/abgezockt/
>>
>> It's to inform users that OOo is free of change, they shouldn't pay anything for
it, where to download the original software, etc.
>>
>> Of course it's currently only in German ;-( but maybe it makes sense to translate
it into English and to go on with using it.
>>
>
> Actually the list associated with it worked fine, and I was also a recipient of it and
after a while, an admin. Further, we also had other pages that served similar functions in
English, though the German communities site was really the best. A simple email alias (or
ideally wiki that is linked via Jscript or the like to a list) also works well. What we did
in the months prior to transfer was collect urls of miscreants and then, when possible, proceed
against them and defend the innocent. :-)
>

So presumably that was "abgezockt@openoffice.org"?   Was that a
mailing list?  Public or private?  Or an email alias?

A could see how an ASF-wide private mailing list could be useful for
reporting trademark abuse,  In the end, the PMC can collect such
issues, but we would also need to circle back to Trademarks@ before we
did anything.  So maybe centralizing the collection of the reports
would make sense?

-Rob

> Cheers
> Louis
>
>> Marcus
>>
>>
>>
>>> Or the page could use plain-text mail links to temporary mail aliases
>>> that are rotated (would need to involve infra on that).
>>>
>>> Having a separate reporting page would be much more flexible; just
>>> make sure that its URL does not change (or a redirect is used).
>>>
>>>>> i.e. mailto:ooo-private-AT-incubator.apache-DOT-org
>>>>>
>>>>> Also, do such reports need to go to the private mailing list?
>>>>>
>>>>
>>>> It is for the user's safety.  Otherwise I can be sure we'll get their
>>>> home phone numbers and credit card numbers posted to the public list.
>>>> Remember, we're talking about the very end users who have already been
>>>> scammed once.  So we already know that they are not the most careful
>>>> web users.
>>>
>>> OK, understood.
>>>
>>>> Of course, we don't need to collect their reports if we don't want to.
>>>>  But they send them already.  This particular one was sent to our
>>>> security list.
>>>>
>>>> -Rob
>>>>>> -Rob
>

Mime
View raw message