On Mon, Apr 30, 2012 at 2:57 PM, sebb <[email protected]> wrote: > On 30 April 2012 19:41, Rob Weir <[email protected]> wrote: >> On Mon, Apr 30, 2012 at 2:27 PM, sebb <[email protected]> wrote: >>> On 30 April 2012 19:10, Rob Weir <[email protected]> wrote: >>>> https://blogs.apache.org/preview/OOo/?previewEntry=draft_avoiding_openoffice_download_scams >>>> >>>> I know Louis and others have dealt with these things for longer. >>>> Anything else I should mention? >>>> >>>> I considered adding a discussion of the importance of MD5 hashes, >>>> etc., but that is not really the skill level of the end user who >>>> downloads OpenOffice. >>>> >>>> I'm also cc'ing trademarks@ since it may be of interest to them and/or >>>> they might have feedback. >>> >>> A few suggestions: >>> >>> The first paragraph should be quoted and / or in italic. >>> >>> s/the open source license/its open source license/ - there are several >>> instances of this. >>> >> >> Yes. >> >>> If the end-user is likely to find the concept of MD5 difficult, won't >>> they also find it difficult to use the provided e-mail link? >>> >> >> It is a hyperlink so in most cases it will just launch their email. > > Sorry, was not clear - I meant that they might have difficulty > de-mangling the anti-spam measure. > > Maybe it would be better to direct them to a web-page that can give > more information on reporting such problems. > That page could be updated as necessary (e.g. when the e-mail address > changes on graduation). > > Or the page could use plain-text mail links to temporary mail aliases > that are rotated (would need to involve infra on that). > > Having a separate reporting page would be much more flexible; just > make sure that its URL does not change (or a redirect is used). >
Could do it via Bugzilla or JIRA as well, thought that does require account creation. But users tend to understand that this is a public database and are more careful with what they put there. >>> i.e. mailto:ooo-private-AT-incubator.apache-DOT-org >>> >>> Also, do such reports need to go to the private mailing list? >>> >> >> It is for the user's safety. Otherwise I can be sure we'll get their >> home phone numbers and credit card numbers posted to the public list. >> Remember, we're talking about the very end users who have already been >> scammed once. So we already know that they are not the most careful >> web users. > > OK, understood. > >> Of course, we don't need to collect their reports if we don't want to. >> But they send them already. This particular one was sent to our >> security list. >> >> -Rob >>>> -Rob
