openstore-team team mailing list archive

Thread
Date

Re: Thank you for your app submission

To: Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx>
From: Hosein Ghanbari <hosein.iprogramer@xxxxxxxxx>
Date: Tue, 13 Dec 2016 21:11:43 +0330
Cc: "openstore-team@xxxxxxxxxxxxxxxxxxx" <openstore-team@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <b4fb8e11-61a9-dcdf-8a5e-1a5a795d3b64@canonical.com>

Hi

> upstartusersession.chahn it was a false detection and after double check it was removed scan team.(scan team says because it's not opensource)
Sommergram.jdev is malicious because it's send user data to a third party server and developer not declared why ? 
> 
>  

Sent from my iPad

> On Dec 13, 2016, at 8:40 PM, Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx> wrote:
> 
> Hi Hosein,
> 
> may I ask for the reason why you think sommergram.jdev is malicious?
> Also, when I read through the code it was also blacklisting
> upstartusersession.chahn in a fallback path but that seems to be gone
> now. Was that just for testing and an accidental commit, or did you have
> reason to assume upstartusersession.chahn would be malicious too?
> 
> In general I'm a bit worried about the approach to blacklist other
> people's apps on your discretion only. Seems there's some potential for
> abuse there. Can you elaborate on the process on how you determine if an
> app is malicious or not?
> 
> Br,
> Michael
> 
>> On 13.12.2016 17:27, ‪hosein ghanbari‬ ‪ wrote:
>> Hi Brian
>> thank you for app review.
>> this address "http://80.82.69.185/click.list"; is my online malicious
>> click list for antivirus database , better app scan and less update.
>> also i think when you reviewed app my sever was in os reinstall process
>> and now link is responsible.
>> 
>> screenshots attached.
>> 
>> thanks.
>> 
>> ------------------------------------------------------------------------
>> *From:* Brian Douglass <bhdouglass@xxxxxxxxx>
>> *To:* hosein.iprogramer@xxxxxxxxx
>> *Cc:* openstore-team@xxxxxxxxxxxxxxxxxxx
>> *Sent:* Tuesday, 13 December 2016, 9:41:01
>> *Subject:* Thank you for your app submission
>> 
>> Hi Hosein,
>> 
>> Thank you for your app submission. We have reviewed it and can move
>> forward with including it in the OpenStore. There was one thing I was
>> curious about, what is this this ip: http://80.82.69.185/click.list ?
>> When I go to this site it just gives me a default apaache2 page. Can you
>> give us some insight here?
>> 
>> Also, could you resend the images in your last email? For some reason I
>> didn't get the last email.
>> Brian
>> 
>> 
>

Follow ups

Re: Thank you for your app submission
From: Michael Zanetti, 2016-12-13

References

Thank you for your app submission
From: Brian Douglass, 2016-12-13
Re: Thank you for your app submission
From: ‪hosein ghanbari‬ ‪, 2016-12-13
Re: Thank you for your app submission
From: Michael Zanetti, 2016-12-13