Posted to users@openoffice.apache.org by J B <je...@gmail.com> on 2012/06/14 14:42:40 UTC

Wrong checksum and unknown publisher

Dear technicians,

I suspect you have some kind of trojan problem.

*First clue*
I deinstalled your software and I was directed to your survey webpage. But
the page was unavailable.


*Second clue*
When reinstalling, Windows said that the publisher was unknown. Normally it
says your organisation.

Then I did a checksum and it did not match.

( Should be:  a919dc6c480feee7748a63d5d4d03f85
 Apache_OpenOffice_incubating_3.4.0_Win_x86_langpack_en-US.exe
 But is:           089966F62006BA94E540A9BBB3E6056A
C:\Users\Koblenz\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe)

Could be that you have two different files.  But it is suspicious.
(I did the same check with the Dutch files)

Do you have a download link that I can totally trust?
And - very important - should the publisher be known?

Regards,

Jeroen
Holland

Re: Wrong checksum and unknown publisher

Posted by Rob Weir <ro...@apache.org>.
On Thu, Jun 14, 2012 at 8:42 AM, J B <je...@gmail.com> wrote:
> Dear technicians,
>

Hi JB,

> I suspect you have some kind of trojan problem.
>
> *First clue*
> I deinstalled your software and I was directed to your survey webpage. But
> the page was unavailable.
>

It was not necessary to uninstall the previous version of OOo before
installing Apache OpenOffice 3.4, but if you did, that would be the
expected behavior.  When the project moved to Apache we turned off the
survey collection that Sun had until we could figure out whether we
wanted it and if we did how to handle the data protection and data
privacy aspects of this.  So the error was expected.

>
> *Second clue*
> When reinstalling, Windows said that the publisher was unknown. Normally it
> says your organisation.
>

Prior versions were built and digitally signed by Sun.  AOO 3.4 did
not have an Authenticode digital signature.  Instead Apache projects
provide a detached PGP/GPG digital signature.  However, these
signatures are more understood in the Linux admin world, and are not
recognized by Microsoft Windows.  Thus the warning you see with AOO
3.4.  We're looking into providing an Authenticode signature for
future releases to avoid this issue.


> Then I did a checksum and it did not match.
>
> ( Should be:  a919dc6c480feee7748a63d5d4d03f85
>  Apache_OpenOffice_incubating_3.4.0_Win_x86_langpack_en-US.exe
>  But is:           089966F62006BA94E540A9BBB3E6056A
> C:\Users\Koblenz\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe)
>

Where are you finding the "should be" checksums?  The checksum for the
en_US version is here:

http://www.apache.org/dist/incubator/ooo/files/stable/3.4.0/Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe.md5

I just downloaded the en_US version of AOO 3.4 and the md5 checksums matched.

> Could be that you have two different files.  But it is suspicious.
> (I did the same check with the Dutch files)
>
> Do you have a download link that I can totally trust?
> And - very important - should the publisher be known?
>

The checksum files are on our most trusted server.  So those come
directly from Apache, not via an operator of a mirror. There is always
the theoretical possibility of a rogue mirror operator, or corruption
caused during or after your download.  But if you verify against the
checksums hosted on apache.org, you protect against that.

-Rob

> Regards,
>
> Jeroen
> Holland

---------------------------------------------------------------------
To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
For additional commands, e-mail: ooo-users-help@incubator.apache.org


Re: Wrong checksum and unknown publisher

Posted by James Knott <ja...@rogers.com>.
J B wrote:
> Dear technicians,
>
> I suspect you have some kind of trojan problem.
>
> *First clue*
> I deinstalled your software and I was directed to your survey webpage. But
> the page was unavailable.
>
>
> *Second clue*
> When reinstalling, Windows said that the publisher was unknown. Normally it
> says your organisation.
>
> Then I did a checksum and it did not match.
>
> ( Should be:  a919dc6c480feee7748a63d5d4d03f85
>   Apache_OpenOffice_incubating_3.4.0_Win_x86_langpack_en-US.exe
>   But is:           089966F62006BA94E540A9BBB3E6056A
> C:\Users\Koblenz\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe)
>
> Could be that you have two different files.  But it is suspicious.
> (I did the same check with the Dutch files)
>
> Do you have a download link that I can totally trust?
> And - very important - should the publisher be known?
>
>
The main link is http://www.openoffice.org/.  Any downloads from there 
are certain to be "original".

Also, we're not "technicians".  This is a users mail list where we try 
to help other users.

BTW, where did you download from?



Re: Wrong checksum and unknown publisher

Posted by NoOp <gl...@sbcglobal.net>.
On 06/14/2012 05:42 AM, J B wrote:
...
> Then I did a checksum and it did not match.
> 
> ( Should be:  a919dc6c480feee7748a63d5d4d03f85
>  Apache_OpenOffice_incubating_3.4.0_Win_x86_langpack_en-US.exe

That is the correct md5 for that file:
<https://archive.apache.org/dist/incubator/ooo/files/stable/3.4.0/Apache_OpenOffice_incubating_3.4.0_Win_x86_langpack_en-US.exe.md5>

>  But is:           089966F62006BA94E540A9BBB3E6056A
> C:\Users\Koblenz\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe)

That is the correct md5 for that file:
https://www.apache.org/dist/incubator/ooo/files/stable/3.4.0/Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe.md5

http://www.openoffice.org/download/checksums/3.4.0_checksums.html

> 
> Could be that you have two different files.  But it is suspicious.

Notice the file names above, _you_ have two different files; the first
is the language pack, the second is the main AOO installation file.

> (I did the same check with the Dutch files)
> 
> Do you have a download link that I can totally trust?

http://www.openoffice.org/download/index.html
  http://www.openoffice.org/download/other.html

Regarding 'unknown publisher': ASC, MD5, SHA1, SHA512 checksums are
available:
http://www.openoffice.org/download/checksums/3.4.0_checksums.htm
and provided that you match those to the /correct/ file, you should be fine.
...


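The mix-up resolved in this thread, a digest published for the language pack compared against the main installer, can be caught mechanically by looking up which listed file a claimed digest belongs to. The following is an added example, not part of the original thread: the file names and contents are constructed stand-ins, the function names are made up for illustration, and `demo()` runs the three cases.

```python
import hashlib
import os
import tempfile

def file_digest(path, algorithm="md5"):
    """Hash a file in chunks so a large installer is never fully in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_listing(text):
    """Parse 'digest  filename' lines into {filename: lowercase digest}."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries

def check_download(path, claimed, listing, algorithm="md5"):
    """Compare a file with a claimed digest; explain a miss using the listing."""
    name = os.path.basename(path)
    actual = file_digest(path, algorithm)
    claimed = claimed.strip().lower()  # tools differ in hex case
    if actual == claimed:
        return ("ok", name)
    # Which listed file, if any, does the claimed digest really belong to?
    owner = next((n for n, d in listing.items() if d == claimed), None)
    if owner not in (None, name) and listing.get(name) == actual:
        return ("wrong-entry", owner)  # file is fine, digest was for `owner`
    return ("mismatch", actual)        # claimed digest does not match this file

def demo():
    """Run the three cases on constructed stand-ins for the two installers."""
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, body in (("install_en-US.exe", b"constructed installer"),
                           ("langpack_en-US.exe", b"constructed langpack")):
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(body)
        listing = parse_listing("\n".join(
            f"{file_digest(p)}  {n}" for n, p in paths.items()))
        inst = paths["install_en-US.exe"]
        return [check_download(inst, listing["langpack_en-US.exe"], listing),
                check_download(inst, listing["install_en-US.exe"].upper(), listing),
                check_download(inst, "0" * 32, listing)]
```

Passing `algorithm="sha512"` checks against a SHA512 listing instead, one of the formats the thread says is published alongside MD5.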