On Thu, Jun 14, 2012 at 8:42 AM, J B <[email protected]> wrote: > Dear technicians, >
HI JB, > I suspect you have some kind of trojan problem. > > *First clue* > I deinstalled your software and I was directed to your survey webpage. But > the page was unavailable. > It was not necessary to uninstall the previous version of OOo before installing Apache OpenOffice 3.4, but if you did that would be the expected behavior. When the project moved to Apache we turned off the survey collection that Sun had until we could figure out whether we wanted it and if we did how to handle the data protection and data privacy aspects of this. So the error was expected > > *Second clue* > When reinstalling, Windows said that the publisher was unknown. Normally it > says your organisation. > Prior versions were built and digitally signed by Sun. AOO 3.4 did not have an Authenticode digital signature. Instead Apache projects provide a detached PGP/GPG digital signature. However, these signatures are more understood in the Linux admin world, and are not recognized by Microsoft Windows. Thus the warning you see with AOO 3.4. We're looking into providing an Authenticode signature for future releases to avoid this issue. > Then I did a checksum and it did not match. > > ( Should be: a919dc6c480feee7748a63d5d4d03f85 > Apache_OpenOffice_incubating_3.4.0_Win_x86_langpack_en-US.exe > But is: 089966F62006BA94E540A9BBB3E6056A > C:\Users\Koblenz\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe) > Where are you finding the "should be" checksums? The checksum for the en_US version is here: http://www.apache.org/dist/incubator/ooo/files/stable/3.4.0/Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe.md5 I just downloaded the en_US version of AOO 3.4 and the md5 checksums matched. > Could be that you have two different files. But it is suspicious. > (I did the same check with the Dutch files) > > Do you have a download link that I can totally trust? > And - very important - should the publisher be known? > The checksum files are on our most trusted server. So those come directly from Apache, not via an operator of a mirror. There is always the theoretical possibility of a rogue mirror operator, or corruption caused during or after your download. But if you verify against the checksums hosted on apache.org, you protect against that. -Rob > Regards, > > Jeroen > Holland --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
