Summary: | Requiring contributors to send a license statement to the "libreoffice" mailing list opens up phishing and spam opportunities | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | Jeff Fortin Tam <nekohayo> |
Component: | LibreOffice | Assignee: | Not Assigned <libreoffice-bugs> |
Status: | NEW --- | ||
Severity: | enhancement | CC: | buzea.bogdan, robinson.libreoffice, xiscofauli |
Priority: | medium | ||
Version: | unspecified | ||
Hardware: | Other | ||
OS: | All | ||
Whiteboard: | |||
Crash report or crash signature: | Regression By: | ||
Bug Depends on: | |||
Bug Blocks: | 143781 | ||
Attachments: |
screenshot
the offending phishing email |
Description
Jeff Fortin Tam
2013-11-21 16:10:52 UTC
Created attachment 89598 [details]
the offending phishing email
This sample mail can be opened with a text editor or imported into a mail client such as Evolution or Thunderbird for inspection.
(In reply to comment #0) > Created attachment 89596 [details] > screenshot > > In bug #33600 I was requested to send a license statement to libreoffice@ Here's the suggested protocol: https://wiki.documentfoundation.org/Development/Developers#Developers_and_Contributors_list > > The problem is that doing so gets you a nice phishing email as a reply. > Almost fell for it. Sorry about that. > Is there anything the LibreOffice project could do to protect against fraud > attempts like these? It might be considered acceptable for you to send your Contributor's Statement to a private TDF address rather than the public mailing list (e.g. info@documentfoundation.org), however any commits you make will have an email address in them, as will any posts to the mailing lists, so your email address will still be publicly accessible to spammers. Any suggestions on how we might beef-up our defenses here? Status -> NEW (This is an enhancement) No contributor statement given for it. Please enable seotaewong40 from Mozilla Bugzilla since you've created an account. (In reply to comment #3) > No contributor statement given for it. > > Please enable seotaewong40 from Mozilla Bugzilla since you've created an > account. Tae-Wong - I'm not sure what you're asking here... Xisco please see this one. |