On 28 December 2011 20:18, Dennis E. Hamilton <[email protected]> wrote: > I see a number of factors related to the bug report, below: > > 1. The high search-result placement for a pay-for-download site
This is pretty much impossible to manage. There needs to be an attempt to get them to respect our trademark policy, this will help a little and will at least require them to link back to the AOO site. > 2. The prospect that the download is not authentic As others have said Apache releases need to be signed and can therefore be authenticated. Again, enforcing the trademark policy is important here as we can communicate this information to those who look. Perhaps it would be possible to make the installer verify the package automatically. Of course, they could always build their own package from our sources, but then it wouldn't be verifiable against our keys. > 3. The collection of a payment for the download There is nothing to prevent people from taking payment for distributing open source software. Ross
