You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Peter Kovacs <pe...@posteo.de> on 2017/05/22 08:22:29 UTC
Security (was bugzilla)
Well, I see only 2 attack path for us.
Ssh interface and the macro/scripting interface.
SSH or web we need to update libs, so wee need a flexible way to reference both.
Scripting I don't know, not my area of expertise. Anyone with insights?
Please note I start splitting because we get more and more OT.
Am 21. Mai 2017 17:10:16 MESZ schrieb Dave Fisher <da...@comcast.net>:
>
>
>Sent from my iPhone
>
>> On May 21, 2017, at 10:34 AM, Jörg Schmidt <jo...@j-m-schmidt.de>
>wrote:
>>
>>
>>> From: Dave Fisher [mailto:dave2wave@comcast.net]
>>
>>> Here are some of mine. I am sure others differ.
>>>
>>> (1) investigate and fix security holes.
>>
>> +1
>>
>>> (2) frequent releases.
>>
>> +-0 or -1
>>
>> In practice, a time interval of 12-15 months would be sufficient.
>
>More frequent releases are needed for two reasons.
>
>- security fixes
>- making sure we have several people who can be release manager.
>
>Feature releases can be on an interval you describe.
>
>>
>> Note: the release cycle of LO is much too short, even if this is
>always presented as an advantage.
>> I could write "imho", but the truth is that the one is a tangible
>practice problem for professional office users. Because I offer
>commercial support for OO and LO, I know what I'm talking about.
>>
>>> (3) near one to one conversion to and from Microsoft Office.
>>
>> +-0
>>
>> Do you know the story of the hare and the hedgehog?
>http://www.pitt.edu/~dash/grimm187.html
>>
>>
>> Yes, the users want that, but would not it be right and honest to
>tell the users:
>> 'if you want MS Office, then use MS Office and not OO'
>
>Users want to convert to AOO but cannot easily. Users want to share
>with friends on MSFT. Having a great divide is not tenable. Perhaps
>this is an extension.
>
>>
>>> (4) deconflicted feature requests.
>>
>> I do not know what you mean specifically with "deconflicted".
>
>Raphael mentioned that feature requests bite each other. In
>prioritizing these we should pick which way.
>>
>>
>>> What do people think?
>>
>> I think _in the present situation_ it is better to work more and to
>discuss less.
>
>Agreed, but I'd still like to know what others think.
>
>>
>> I am unfortunately not a programmer of OO, but I support the project
>with user support, as a member of the project www.prooo-box.org and as
>a moderator in the forum http://openoffice.org.
>> I have regularly supported the project through translations of the
>release notes into the German language.
>
>Thank you.
>
>Regards,
>Dave
>>
>>
>>
>> greetings,
>> Jörg
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>For additional commands, e-mail: dev-help@openoffice.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: Security (was bugzilla)
Posted by Patricia Shanahan <pa...@acm.org>.
Since this is getting into specifics of security issues, I think it
should be moved to the security list.
On 5/22/2017 1:22 AM, Peter Kovacs wrote:
> Well, I see only 2 attack path for us.
> Ssh interface and the macro/scripting interface.
>
> SSH or web we need to update libs, so wee need a flexible way to reference both.
>
> Scripting I don't know, not my area of expertise. Anyone with insights?
>
> Please note I start splitting because we get more and more OT.
>
> Am 21. Mai 2017 17:10:16 MESZ schrieb Dave Fisher <da...@comcast.net>:
>>
>>
>> Sent from my iPhone
>>
>>> On May 21, 2017, at 10:34 AM, Jörg Schmidt <jo...@j-m-schmidt.de>
>> wrote:
>>>
>>>
>>>> From: Dave Fisher [mailto:dave2wave@comcast.net]
>>>
>>>> Here are some of mine. I am sure others differ.
>>>>
>>>> (1) investigate and fix security holes.
>>>
>>> +1
>>>
>>>> (2) frequent releases.
>>>
>>> +-0 or -1
>>>
>>> In practice, a time interval of 12-15 months would be sufficient.
>>
>> More frequent releases are needed for two reasons.
>>
>> - security fixes
>> - making sure we have several people who can be release manager.
>>
>> Feature releases can be on an interval you describe.
>>
>>>
>>> Note: the release cycle of LO is much too short, even if this is
>> always presented as an advantage.
>>> I could write "imho", but the truth is that the one is a tangible
>> practice problem for professional office users. Because I offer
>> commercial support for OO and LO, I know what I'm talking about.
>>>
>>>> (3) near one to one conversion to and from Microsoft Office.
>>>
>>> +-0
>>>
>>> Do you know the story of the hare and the hedgehog?
>> http://www.pitt.edu/~dash/grimm187.html
>>>
>>>
>>> Yes, the users want that, but would not it be right and honest to
>> tell the users:
>>> 'if you want MS Office, then use MS Office and not OO'
>>
>> Users want to convert to AOO but cannot easily. Users want to share
>> with friends on MSFT. Having a great divide is not tenable. Perhaps
>> this is an extension.
>>
>>>
>>>> (4) deconflicted feature requests.
>>>
>>> I do not know what you mean specifically with "deconflicted".
>>
>> Raphael mentioned that feature requests bite each other. In
>> prioritizing these we should pick which way.
>>>
>>>
>>>> What do people think?
>>>
>>> I think _in the present situation_ it is better to work more and to
>> discuss less.
>>
>> Agreed, but I'd still like to know what others think.
>>
>>>
>>> I am unfortunately not a programmer of OO, but I support the project
>> with user support, as a member of the project www.prooo-box.org and as
>> a moderator in the forum http://openoffice.org.
>>> I have regularly supported the project through translations of the
>> release notes into the German language.
>>
>> Thank you.
>>
>> Regards,
>> Dave
>>>
>>>
>>>
>>> greetings,
>>> Jörg
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org