On Mon, Apr 30, 2012 at 3:52 PM, Louis Suárez-Potts <[email protected]> wrote: > Hi > On 2012-04-30, at 15:17 , Marcus (OOo) wrote: > >> Am 04/30/2012 08:57 PM, schrieb sebb: >>> On 30 April 2012 19:41, Rob Weir<[email protected]> wrote: >>>> On Mon, Apr 30, 2012 at 2:27 PM, sebb<[email protected]> wrote: >>>>> On 30 April 2012 19:10, Rob Weir<[email protected]> wrote: >>>>>> https://blogs.apache.org/preview/OOo/?previewEntry=draft_avoiding_openoffice_download_scams >>>>>> >>>>>> I know Louis and others have dealt with these things for longer. >>>>>> Anything else I should mention? >>>>>> >>>>>> I considered adding a discussion of the importance of MD5 hashes, >>>>>> etc., but that is not really the skill level of the end user who >>>>>> downloads OpenOffice. >>>>>> >>>>>> I'm also cc'ing trademarks@ since it may be of interest to them and/or >>>>>> they might have feedback. >>>>> >>>>> A few suggestions: >>>>> >>>>> The first paragraph should be quoted and / or in italic. >>>>> >>>>> s/the open source license/its open source license/ - there are several >>>>> instances of this. >>>>> >>>> >>>> Yes. >>>> >>>>> If the end-user is likely to find the concept of MD5 difficult, won't >>>>> they also find it difficult to use the provided e-mail link? >>>>> >>>> >>>> It is a hyperlink so in most cases it will just launch their email. >>> >>> Sorry, was not clear - I meant that they might have difficulty >>> de-mangling the anti-spam measure. >>> >>> Maybe it would be better to direct them to a web-page that can give >>> more information on reporting such problems. >>> That page could be updated as necessary (e.g. when the e-mail address >>> changes on graduation). >> >> The German community of the old OOo project has written something very >> similar: >> >> http://www.openoffice.org/de/abgezockt/ >> >> It's to inform users that OOo is free of change, they shouldn't pay anything >> for it, where to download the original software, etc. >> >> Of course it's currently only in German ;-( but maybe it makes sense to >> translate it into English and to go on with using it. >> > > Actually the list associated with it worked fine, and I was also a recipient > of it and after a while, an admin. Further, we also had other pages that > served similar functions in English, though the German communities site was > really the best. A simple email alias (or ideally wiki that is linked via > Jscript or the like to a list) also works well. What we did in the months > prior to transfer was collect urls of miscreants and then, when possible, > proceed against them and defend the innocent. :-) >
So presumably that was "[email protected]"? Was that a mailing list? Public or private? Or an email alias? A could see how an ASF-wide private mailing list could be useful for reporting trademark abuse, In the end, the PMC can collect such issues, but we would also need to circle back to Trademarks@ before we did anything. So maybe centralizing the collection of the reports would make sense? -Rob > Cheers > Louis > >> Marcus >> >> >> >>> Or the page could use plain-text mail links to temporary mail aliases >>> that are rotated (would need to involve infra on that). >>> >>> Having a separate reporting page would be much more flexible; just >>> make sure that its URL does not change (or a redirect is used). >>> >>>>> i.e. mailto:ooo-private-AT-incubator.apache-DOT-org >>>>> >>>>> Also, do such reports need to go to the private mailing list? >>>>> >>>> >>>> It is for the user's safety. Otherwise I can be sure we'll get their >>>> home phone numbers and credit card numbers posted to the public list. >>>> Remember, we're talking about the very end users who have already been >>>> scammed once. So we already know that they are not the most careful >>>> web users. >>> >>> OK, understood. >>> >>>> Of course, we don't need to collect their reports if we don't want to. >>>> But they send them already. This particular one was sent to our >>>> security list. >>>> >>>> -Rob >>>>>> -Rob >
