> On 09 Dec2014, at 17:41, Roberto Galoppini <roberto.galopp...@gmail.com> > wrote: > > > > 2014-12-09 21:23 GMT+01:00 Rory O'Farrell <ofarr...@iol.ie>: > On Tue, 9 Dec 2014 15:14:24 -0500 > Louis Suárez-Potts <lui...@gmail.com> wrote: > > > Hi > > > On 09 Dec2014, at 15:11, Rory O'Farrell <ofarr...@iol.ie> wrote: > > > > > > On Tue, 09 Dec 2014 13:48:44 -0600 > > > Elizabeth Morgan <elizabethallynmor...@gmail.com> wrote: > > > > > >> UPDATE: > > >> It's my entire development team that's encountering the issue at the > > >> moment -- we're having to refit a good number of computers, and all of > > >> them are detecting it as malicious after downloading from Sourceforge > > >> via official link from openoffice.org > > > > > > Remember that you can check the download for integrity by the methods > > > described in > > > http://www.openoffice.org/download/checksums.html > > > > > > Your team only need one download for each O/S. They can move it about on > > > USB key or DVD or network. > > > > I think Elizabeth’s point is that there is something amiss with the linkage > > from OpenOffice to SF to users. The problem, reading her post, could lie > > with SF. But my guess is that Elizabeth is more than competent to file an > > issue describing more precisely the problem so that we can resolve it. > > I can certainly confirm, from many reports on the Forum, that Chrome is > identifying SourceForge OO files on the automatic download as malicious. The > same reports suggest that the direct download link gives the same files > without triggering any malicious file warning from Chrome. > > > We are trying to talk to Google to better understand what's going on, in the > meantime we excluded all the blacklisted OpenOffice mirror URLs from the > selection used when users download. When downloading OO now, you should get > the file without any warning. > > This is only a short-term solution but should help for the time being. We > hope to learn soon more about the actual google chrome policies and why those > are tagging as malicious few open source projects out there. > > Roberto >
Thanks, Roberto, for the explanation. Perhaps an issue that reflects the ongoing discussion would help with Elizabeth’s situation and also others? (And the parallel discussion on signing downloads is probably not entirely irrelevant?) (BTW, I use Google Chrome & Canary on OS X 10.2—a dev. editions, for both—and every now and then there are misreadings of a code’s legitimacy. Happens.) louis > > > > > > > louis > > > > > >> > > >> On 12/9/2014 1:37 PM, Marcus wrote: > > >>> Am 12/09/2014 04:29 PM, schrieb Elizabeth Morgan: > > >>>> Not technically "broken" per say in the notion of "won't actually > > >>>> connect to the .exe file," but Chrome keeps registering all of the Open > > >>>> Office downloads as malicious. Even past versions. > > >>> > > >>> please make sure that you download only from the official source: > > >>> > > >>> http://www.openoffice.org/download/ > > >>> > > >>> which will offer you the binaries from Sourceforge.net. They are > > >>> hosting the installation files for us. > > >>> > > >>> Currently we haven't heard from other users about this problem. So, I > > >>> think for the moment that it's a reason that doesn't lay within the > > >>> Apache OpenOffice project. > > >>> > > >>> E.g., does Chrome search in a public place for malicious domains? If > > >>> yes, maybe this place is not up-to-date or not working or something > > >>> else. > > >>> > > >>> Marcus > > >> > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > > >> For additional commands, e-mail: dev-h...@openoffice.apache.org > > >> > > >> > > > > > > > > > -- > > > Rory O'Farrell <ofarr...@iol.ie> > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > > > For additional commands, e-mail: dev-h...@openoffice.apache.org > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > > For additional commands, e-mail: dev-h...@openoffice.apache.org > > > > > > > -- > Rory O'Farrell <ofarr...@iol.ie> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
