Bug 71882 - Requiring contributors to send a license statement to the "libreoffice" mailing list opens up phishing and spam opportunities
Summary: Requiring contributors to send a license statement to the "libreoffice" maili...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
unspecified
Hardware: Other All
: medium enhancement
Assignee: Not Assigned
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-21 16:10 UTC by Jean-François Fortin Tam
Modified: 2013-12-03 16:04 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:


Attachments
screenshot (153.58 KB, image/png)
2013-11-21 16:10 UTC, Jean-François Fortin Tam
Details
the offending phishing email (8.93 KB, application/mbox)
2013-11-21 16:13 UTC, Jean-François Fortin Tam
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jean-François Fortin Tam 2013-11-21 16:10:52 UTC
Created attachment 89596 [details]
screenshot

In bug #33600 I was requested to send a license statement to libreoffice@

The problem is that doing so gets you a nice phishing email as a reply. Almost fell for it.

Is there anything the LibreOffice project could do to protect against fraud attempts like these?
Comment 1 Jean-François Fortin Tam 2013-11-21 16:13:21 UTC
Created attachment 89598 [details]
the offending phishing email

This sample mail can be opened with a text editor or imported into a mail client such as Evolution or Thunderbird for inspection.
Comment 2 Robinson Tryon (qubit) 2013-11-24 22:19:07 UTC
(In reply to comment #0)
> Created attachment 89596 [details]
> screenshot
> 
> In bug #33600 I was requested to send a license statement to libreoffice@

Here's the suggested protocol:
https://wiki.documentfoundation.org/Development/Developers#Developers_and_Contributors_list

> 
> The problem is that doing so gets you a nice phishing email as a reply.
> Almost fell for it.

Sorry about that.

> Is there anything the LibreOffice project could do to protect against fraud
> attempts like these?

It might be considered acceptable for you to send your Contributor's Statement to a private TDF address rather than the public mailing list (e.g. info@documentfoundation.org), however any commits you make will have an email address in them, as will any posts to the mailing lists, so your email address will still be publicly accessible to spammers.

Any suggestions on how we might beef-up our defenses here?

Status -> NEW
(This is an enhancement)
Comment 3 Tae-Wong Seo 2013-12-03 10:29:56 UTC
No contributor statement given for it.

Please enable seotaewong40 from Mozilla Bugzilla since you've created an account.
Comment 4 Robinson Tryon (qubit) 2013-12-03 16:04:18 UTC
(In reply to comment #3)
> No contributor statement given for it.
> 
> Please enable seotaewong40 from Mozilla Bugzilla since you've created an
> account.

Tae-Wong - I'm not sure what you're asking here...