On 02/04/2014 Roberto Galoppini wrote:
softpedia.com ... passes traffic through our download redirector flow
... we can indeed redirect this traffic by referrer to a
different landing page if one is provided.

Can't we just serve a 403? It's their problem, not ours. It's not rude at all, it's a way to protect our users: if we don't want that our unreleased versions are purported for real releases, we need that users only access them from a page on apache.org, on openoffice.org or e-mail until we release them.

So matching the HTTP referer and serving a 403 unless it comes from *.apache.org , *.openoffice.org or is empty seems the best solution to me. If we really want to be extra-polite, http://www.openoffice.org/download/devbuilds.html should be scary enough for casual users.

Of course, if this is a manual operation that must be done when we enter RC phase and undone after release, and only the SourceForge staff can do that, then this becomes a bit complex. Or can the project members who have access to the SourceForge area enable/disable the protection with no need for external help?

Regards,
  Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to