Mailing-List: contact ooo-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: ooo-dev@incubator.apache.org
Received-SPF: pass (athena.apache.org: domain of marcus.mail@wtnet.de
 designates 213.209.103.15 as permitted sender)
Message-ID: <4F9EE564.1040801@wtnet.de>
Date: Mon, 30 Apr 2012 21:17:56 +0200
From: "Marcus (OOo)" <marcus.mail@wtnet.de>
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de;
 rv:1.9.2.20) Gecko/20110804 Thunderbird/3.1.12
MIME-Version: 1.0
To: ooo-dev@incubator.apache.org
CC: sebb <sebbaz@gmail.com>, trademarks@apache.org
Subject: Re: Draft blog post: Avoiding OpenOffice Download Scams
References: 
 <CAP-ksohBqi4DoEjm_kMO+4=Q7BZ7b78WxFcn45OL6jYQXbORcQ@mail.gmail.com>
	<CAOGo0Va254n_z+1O2P58=yqSJHK8KrtWhP+VUQ0sHGHRB8+7ng@mail.gmail.com>
	<CAP-ksohcmXXB4xhH7wFksTETCN8y1SXNOvZj82PWyFNeN9sysQ@mail.gmail.com>
 <CAOGo0VYF3mKTjgASBzeAyyp8oVFFXLJRu8AhNL6Gay3tezD7-Q@mail.gmail.com>
In-Reply-To: 
 <CAOGo0VYF3mKTjgASBzeAyyp8oVFFXLJRu8AhNL6Gay3tezD7-Q@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Am 04/30/2012 08:57 PM, schrieb sebb:
> On 30 April 2012 19:41, Rob Weir<robweir@apache.org>  wrote:
>> On Mon, Apr 30, 2012 at 2:27 PM, sebb<sebbaz@gmail.com>  wrote:
>>> On 30 April 2012 19:10, Rob Weir<robweir@apache.org>  wrote:
>>>> https://blogs.apache.org/preview/OOo/?previewEntry=draft_avoiding_openoffice_download_scams
>>>>
>>>> I know Louis and others have dealt with these things for longer.
>>>> Anything else I should mention?
>>>>
>>>> I considered adding a discussion of the importance of MD5 hashes,
>>>> etc., but that is not really the skill level of the end user who
>>>> downloads OpenOffice.
>>>>
>>>> I'm also cc'ing trademarks@ since it may be of interest to them and/or
>>>> they might have feedback.
>>>
>>> A few suggestions:
>>>
>>> The first paragraph should be quoted and / or in italic.
>>>
>>> s/the open source license/its open source license/ - there are several
>>> instances of this.
>>>
>>
>> Yes.
>>
>>> If the end-user is likely to find the concept of MD5 difficult, won't
>>> they also find it difficult to use the provided e-mail link?
>>>
>>
>> It is a hyperlink so in most cases it will just launch their email.
>
> Sorry, was not clear - I meant that they might have difficulty
> de-mangling the anti-spam measure.
>
> Maybe it would be better to direct them to a web-page that can give
> more information on reporting such problems.
> That page could be updated as necessary (e.g. when the e-mail address
> changes on graduation).

The German community of the old OOo project has written something very 
similar:

http://www.openoffice.org/de/abgezockt/

It's to inform users that OOo is free of change, they shouldn't pay 
anything for it, where to download the original software, etc.

Of course it's currently only in German ;-( but maybe it makes sense to 
translate it into English and to go on with using it.

Marcus


> Or the page could use plain-text mail links to temporary mail aliases
> that are rotated (would need to involve infra on that).
>
> Having a separate reporting page would be much more flexible; just
> make sure that its URL does not change (or a redirect is used).
>
>>> i.e. mailto:ooo-private-AT-incubator.apache-DOT-org
>>>
>>> Also, do such reports need to go to the private mailing list?
>>>
>>
>> It is for the user's safety.  Otherwise I can be sure we'll get their
>> home phone numbers and credit card numbers posted to the public list.
>> Remember, we're talking about the very end users who have already been
>> scammed once.  So we already know that they are not the most careful
>> web users.
>
> OK, understood.
>
>> Of course, we don't need to collect their reports if we don't want to.
>>   But they send them already.  This particular one was sent to our
>> security list.
>>
>> -Rob
>>>> -Rob