incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 118706] Norton reports the installer as unsafe
Date Thu, 29 Dec 2011 20:01:52 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=118706

orcmid <orcmid@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |orcmid@apache.org

--- Comment #2 from orcmid <orcmid@apache.org> 2011-12-29 20:01:52 UTC ---
Why are we so quick to close these without further information from the
reporter?

OBSERVATIONS

The nightly builds and other developer builds can trigger warnings from
security software for several reasons:

 1. The Windows installer is not digitally signed; that may lead to warnings
and different treatment depending on security settings and severity thresholds.

 2. Some download software (such as Internet Explorer and Microsoft Security
Extensions) develop white-lists and black-lists for downloads.  A download that
doesn't have a recognized signature (a category that new builds fall into)
because it has not been seen downloaded before and has no assessment of its
safety will provoke warnings.  There are even options to submit the file for
assessment and determination of the safety of the file for future encounters.

There is always reason for concern in the case of a security warning, even if
it is likely to be a false positive (or precautionary warning).

We need to find out enough details so that guidance on confirmation of valid
developer builds and their locations can be provided and to have assurance that
a counterfeit, malicious build is not being passed around.   

To brush someone off with a support link is inappropriate unless there is a
specific support location for this situation.

-- 
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Mime
View raw message