Bug 71882 - Requiring contributors to send a license statement to the "libreoffice" mailing list opens up phishing and spam opportunities
Summary: Requiring contributors to send a license statement to the "libreoffice" maili...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
unspecified
Hardware: Other All
: medium enhancement
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: Dev-related
  Show dependency treegraph
 
Reported: 2013-11-21 16:10 UTC by Jeff Fortin Tam
Modified: 2023-10-03 19:17 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments
screenshot (153.58 KB, image/png)
2013-11-21 16:10 UTC, Jeff Fortin Tam
Details
the offending phishing email (8.93 KB, application/mbox)
2013-11-21 16:13 UTC, Jeff Fortin Tam
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeff Fortin Tam 2013-11-21 16:10:52 UTC
Created attachment 89596 [details]
screenshot

In bug #33600 I was requested to send a license statement to libreoffice@

The problem is that doing so gets you a nice phishing email as a reply. Almost fell for it.

Is there anything the LibreOffice project could do to protect against fraud attempts like these?
Comment 1 Jeff Fortin Tam 2013-11-21 16:13:21 UTC
Created attachment 89598 [details]
the offending phishing email

This sample mail can be opened with a text editor or imported into a mail client such as Evolution or Thunderbird for inspection.
Comment 2 Robinson Tryon (qubit) 2013-11-24 22:19:07 UTC
(In reply to comment #0)
> Created attachment 89596 [details]
> screenshot
> 
> In bug #33600 I was requested to send a license statement to libreoffice@

Here's the suggested protocol:
https://wiki.documentfoundation.org/Development/Developers#Developers_and_Contributors_list

> 
> The problem is that doing so gets you a nice phishing email as a reply.
> Almost fell for it.

Sorry about that.

> Is there anything the LibreOffice project could do to protect against fraud
> attempts like these?

It might be considered acceptable for you to send your Contributor's Statement to a private TDF address rather than the public mailing list (e.g. info@documentfoundation.org), however any commits you make will have an email address in them, as will any posts to the mailing lists, so your email address will still be publicly accessible to spammers.

Any suggestions on how we might beef-up our defenses here?

Status -> NEW
(This is an enhancement)
Comment 3 Tae-Wong Seo 2013-12-03 10:29:56 UTC Comment hidden (obsolete)
Comment 4 Robinson Tryon (qubit) 2013-12-03 16:04:18 UTC Comment hidden (obsolete)
Comment 5 Timur 2020-08-02 13:12:59 UTC
Xisco please see this one.