You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Marcus <ma...@wtnet.de> on 2016/08/13 21:16:20 UTC

[PATCH DOWNLOAD] Draft for the hotfix webpage

As we have now the patched library file and Readme for all platforms, 
IMHO not much more is needed to go public with the hotfix. Therefore 
I've created a draft version of the hotfix download webpage:

http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/hotfix.html

Please review and tell me your feedback.

Thanks

Marcus

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Re: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by Marcus <ma...@wtnet.de>.
Am 08/19/2016 01:09 AM, schrieb Dennis E. Hamilton:
>
>> -----Original Message-----
>> From: Marcus [mailto:marcus.mail@wtnet.de]
>> Sent: Thursday, August 18, 2016 14:40
>> To: dev@openoffice.apache.org
>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
>>
>> Am 08/15/2016 11:40 PM, schrieb Dennis E. Hamilton:
>>>
>>>> -----Original Message-----
>>>> From: Marcus [mailto:marcus.mail@wtnet.de]
>>>> Sent: Monday, August 15, 2016 13:43
>>>> To: dev@openoffice.apache.org
>>>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
>>>>
>>>> Am 08/15/2016 09:10 PM, schrieb Dennis E. Hamilton:
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
>>>>>> Sent: Monday, August 15, 2016 08:59
>>>>>> To: dev@openoffice.apache.org
>>>>>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
>>>>>>
>>>>>> On 08/13/2016 02:16 PM, Marcus wrote:
>>>>>>> As we have now the patched library file and Readme for all
>>>> platforms,
>>>>>>> IMHO not much more is needed to go public with the hotfix.
>> Therefore
>>>>>>> I've created a draft version of the hotfix download webpage:
>>>>>>>
>>>>>>> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
>>>>>> patch1/hotfix.html
>>>>>>>
>>>>>>> Please review and tell me your feedback.
>>>>> [orcmid]
>>>>>
>>>>> I have a number of items.  I can fix the URLs in (2) below after I
>>>> have updated the Windows set.
>>>>>
>>>>>      1. This is worded as if it is the advisory.  I assume this is,
>>>> rather, something that should be linked to from an update of the
>>>> advisory.  I request that it be a description of the HotFix.  It
>> could
>>>> link to the advisory, of course.  RECOMMENDATION: Have the emphasis
>> be
>>>> on this describing release of the hotfix for CVE-2016-1513.
>>>>
>>>> OK, seems indeed not clear enough.
>>>>
>>>>>      2. Download and Installation.  Currently, this page is at
>>>>> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
>>>> patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and
>> source
>>>> and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page
>> and
>>>> all of the binaries and source pages will be at
>>>>> <https://archive.apache.org/dist/openoffice/4.1.2-patch1>.
>>>>
>>>> Please remember that it's just a draft of what is available at the
>>>> moment. ;-) That's why the URLs for source and binaries differ
>> already.
>>>> Of course all URLs will change when everything is available at dist/
>> and
>>>> no longer dev/.
>>>>
>>>> RECOMMENDATION: In the Download&    Installation table, make all URLS
>>>> *RELATIVE* to the HotFix page, since when it is staged to release and
>>>> then to archive, the links will always work.
>>>>>         NOTE. When we make general distribution, we stage the HotFix
>>>> HTML page and the binaries subfolder to
>>>>> <https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1>
>>>> using SVN copies.  In 24-48 hours or so that material will show up
>>>> automatically on archive.apache.org and we can make the general
>>>> distribution announcement.  The dist.apache.org materials can be
>> removed
>>>> when that happens.  WARNING. The Windows material is not ready, and
>> some
>>>> renaming will happen.  That should all be done by the end of Tuesday
>>>> (GMT).
>>>>
>>>> The current location of the hotfix webpage is of course is not the
>> final
>>>> one. It will be there where the other webpages are: at w.oo.o.
>>>>
>>>> I've just put it into SVN to have it not yet on the public OO
>> website.
>>> [orcmid]
>>>
>>> LOL.  I thought that is where you wanted to keep it [;<).  Because it
>> is so specific to this HotFix, I think it would be great to leave it
>> with the downloads and the archive.apache.org site, but link to it from
>> openoffice.org.
>>>
>>>>
>>>>>      3. Next Step under Download and Installation.  The README for
>>>> Windows addresses the way to Unzip and provides important information
>>>> about how the extract is into a folder of a default-determined name.
>> I
>>>> don't know if the others provide comparable information and/or
>> operating
>>>> from a terminal is assumed.
>>>>
>>>> Yes, more (Linux) or less (Mac) it should be comparable.
>>>>
>>>>>      4. How to verify the download&    installation.  Verifying the
>> Zip is
>>>> sufficient.  The table does not identify the files those check cases
>> are
>>>> from so it is not at all clear what value this is.  RECOMMENDATION:
>> If
>>>> it is valuable, we should include the additional hashes inside the
>> Zips,
>>>> and provide the size and time stamp information in the individual
>> README
>>>> files.
>>>>
>>>> Yes, right. "Old file" and "New file" is for sure not exact enough
>> which
>>>> file it is about. And the other file-based data can be moved to the
>>>> Readme's, too.
>>>>
>>>>    >   That way there is no redundancy and the information is
>> maintained in
>>>>    >   exactly one place.
>>>>
>>>> <nitpicker>
>>>> Ahm, no. ;-) At the moment we have it at a single place. When we
>> split
>>>> it into the 4 Readme's then we have 4 places to maintain.
>>>> </nitpicker>
>>>>
>>>> But at the end you are right. The webpage contains some details that
>>>> should be moved to the respective Readme.
>>>>
>>>> I'll finish the changes when I'm back from a trip on Thursday or
>> Friday.
>>
>> I want to change my mind:
>> Let's skip these changes and keep this in mind for the next time. I just
>> would do the Readme changes - that I've already suggested in a previous
>> mail - for Mac and both Linux *outside* of the ZIP file.
>>
>> And then let's do the release. Otherwise we would go another leap and
>> another one and ... ;-)
>>
>> What do you think?
> [orcmid]
>
> As you've seen, I did fix the links in the Hotfix.html page at the same time as I added the shortened names that are now used in the 0.2.0 Beta binary for Windows.  So that page can move with the staging of the binaries from dev to release (and automatically to archive).

I had stil lthe idea to move it to the download webpage area. But OK, we 
can also keep it the dist/ area. It's really special.

> I have made all of the changes necessary to update the Windows 0.2.0 Beta to a 1.0.0 release candidate or whatever we want to call a candidate for general availability.
>
> I can get that done in about 15 minutes.  I have been holding back until there seem to be no more changes and I can go ahead and Zip things up and provide the necessary signatures and hashes.

OK

> Let me know when you are ready and I will respond as soon as I see your message (allowing for our sleep periods being offset about 9 hours [;<).

Ha, you are funny. I still need to work to get my refrigerator filled. 
;-P . So, for me you have to add 20h or such.

Marcus


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


RE: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by "Dennis E. Hamilton" <de...@acm.org>.

> -----Original Message-----
> From: Marcus [mailto:marcus.mail@wtnet.de]
> Sent: Thursday, August 18, 2016 14:40
> To: dev@openoffice.apache.org
> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> 
> Am 08/15/2016 11:40 PM, schrieb Dennis E. Hamilton:
> >
> >> -----Original Message-----
> >> From: Marcus [mailto:marcus.mail@wtnet.de]
> >> Sent: Monday, August 15, 2016 13:43
> >> To: dev@openoffice.apache.org
> >> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> >>
> >> Am 08/15/2016 09:10 PM, schrieb Dennis E. Hamilton:
> >>>
> >>>> -----Original Message-----
> >>>> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
> >>>> Sent: Monday, August 15, 2016 08:59
> >>>> To: dev@openoffice.apache.org
> >>>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> >>>>
> >>>> On 08/13/2016 02:16 PM, Marcus wrote:
> >>>>> As we have now the patched library file and Readme for all
> >> platforms,
> >>>>> IMHO not much more is needed to go public with the hotfix.
> Therefore
> >>>>> I've created a draft version of the hotfix download webpage:
> >>>>>
> >>>>> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> >>>> patch1/hotfix.html
> >>>>>
> >>>>> Please review and tell me your feedback.
> >>> [orcmid]
> >>>
> >>> I have a number of items.  I can fix the URLs in (2) below after I
> >> have updated the Windows set.
> >>>
> >>>     1. This is worded as if it is the advisory.  I assume this is,
> >> rather, something that should be linked to from an update of the
> >> advisory.  I request that it be a description of the HotFix.  It
> could
> >> link to the advisory, of course.  RECOMMENDATION: Have the emphasis
> be
> >> on this describing release of the hotfix for CVE-2016-1513.
> >>
> >> OK, seems indeed not clear enough.
> >>
> >>>     2. Download and Installation.  Currently, this page is at
> >>> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> >> patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and
> source
> >> and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page
> and
> >> all of the binaries and source pages will be at
> >>> <https://archive.apache.org/dist/openoffice/4.1.2-patch1>.
> >>
> >> Please remember that it's just a draft of what is available at the
> >> moment. ;-) That's why the URLs for source and binaries differ
> already.
> >> Of course all URLs will change when everything is available at dist/
> and
> >> no longer dev/.
> >>
> >> RECOMMENDATION: In the Download&   Installation table, make all URLS
> >> *RELATIVE* to the HotFix page, since when it is staged to release and
> >> then to archive, the links will always work.
> >>>        NOTE. When we make general distribution, we stage the HotFix
> >> HTML page and the binaries subfolder to
> >>> <https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1>
> >> using SVN copies.  In 24-48 hours or so that material will show up
> >> automatically on archive.apache.org and we can make the general
> >> distribution announcement.  The dist.apache.org materials can be
> removed
> >> when that happens.  WARNING. The Windows material is not ready, and
> some
> >> renaming will happen.  That should all be done by the end of Tuesday
> >> (GMT).
> >>
> >> The current location of the hotfix webpage is of course is not the
> final
> >> one. It will be there where the other webpages are: at w.oo.o.
> >>
> >> I've just put it into SVN to have it not yet on the public OO
> website.
> > [orcmid]
> >
> > LOL.  I thought that is where you wanted to keep it [;<).  Because it
> is so specific to this HotFix, I think it would be great to leave it
> with the downloads and the archive.apache.org site, but link to it from
> openoffice.org.
> >
> >>
> >>>     3. Next Step under Download and Installation.  The README for
> >> Windows addresses the way to Unzip and provides important information
> >> about how the extract is into a folder of a default-determined name.
> I
> >> don't know if the others provide comparable information and/or
> operating
> >> from a terminal is assumed.
> >>
> >> Yes, more (Linux) or less (Mac) it should be comparable.
> >>
> >>>     4. How to verify the download&   installation.  Verifying the
> Zip is
> >> sufficient.  The table does not identify the files those check cases
> are
> >> from so it is not at all clear what value this is.  RECOMMENDATION:
> If
> >> it is valuable, we should include the additional hashes inside the
> Zips,
> >> and provide the size and time stamp information in the individual
> README
> >> files.
> >>
> >> Yes, right. "Old file" and "New file" is for sure not exact enough
> which
> >> file it is about. And the other file-based data can be moved to the
> >> Readme's, too.
> >>
> >>   >  That way there is no redundancy and the information is
> maintained in
> >>   >  exactly one place.
> >>
> >> <nitpicker>
> >> Ahm, no. ;-) At the moment we have it at a single place. When we
> split
> >> it into the 4 Readme's then we have 4 places to maintain.
> >> </nitpicker>
> >>
> >> But at the end you are right. The webpage contains some details that
> >> should be moved to the respective Readme.
> >>
> >> I'll finish the changes when I'm back from a trip on Thursday or
> Friday.
> 
> I want to change my mind:
> Let's skip these changes and keep this in mind for the next time. I just
> would do the Readme changes - that I've already suggested in a previous
> mail - for Mac and both Linux *outside* of the ZIP file.
> 
> And then let's do the release. Otherwise we would go another leap and
> another one and ... ;-)
> 
> What do you think?
[orcmid] 

As you've seen, I did fix the links in the Hotfix.html page at the same time as I added the shortened names that are now used in the 0.2.0 Beta binary for Windows.  So that page can move with the staging of the binaries from dev to release (and automatically to archive).

I have made all of the changes necessary to update the Windows 0.2.0 Beta to a 1.0.0 release candidate or whatever we want to call a candidate for general availability.

I can get that done in about 15 minutes.  I have been holding back until there seem to be no more changes and I can go ahead and Zip things up and provide the necessary signatures and hashes.

Let me know when you are ready and I will respond as soon as I see your message (allowing for our sleep periods being offset about 9 hours [;<).

 - Dennis




> 
> Marcus
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Re: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by Marcus <ma...@wtnet.de>.
Am 08/15/2016 11:40 PM, schrieb Dennis E. Hamilton:
>
>> -----Original Message-----
>> From: Marcus [mailto:marcus.mail@wtnet.de]
>> Sent: Monday, August 15, 2016 13:43
>> To: dev@openoffice.apache.org
>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
>>
>> Am 08/15/2016 09:10 PM, schrieb Dennis E. Hamilton:
>>>
>>>> -----Original Message-----
>>>> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
>>>> Sent: Monday, August 15, 2016 08:59
>>>> To: dev@openoffice.apache.org
>>>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
>>>>
>>>> On 08/13/2016 02:16 PM, Marcus wrote:
>>>>> As we have now the patched library file and Readme for all
>> platforms,
>>>>> IMHO not much more is needed to go public with the hotfix. Therefore
>>>>> I've created a draft version of the hotfix download webpage:
>>>>>
>>>>> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
>>>> patch1/hotfix.html
>>>>>
>>>>> Please review and tell me your feedback.
>>> [orcmid]
>>>
>>> I have a number of items.  I can fix the URLs in (2) below after I
>> have updated the Windows set.
>>>
>>>     1. This is worded as if it is the advisory.  I assume this is,
>> rather, something that should be linked to from an update of the
>> advisory.  I request that it be a description of the HotFix.  It could
>> link to the advisory, of course.  RECOMMENDATION: Have the emphasis be
>> on this describing release of the hotfix for CVE-2016-1513.
>>
>> OK, seems indeed not clear enough.
>>
>>>     2. Download and Installation.  Currently, this page is at
>>> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
>> patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and source
>> and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page and
>> all of the binaries and source pages will be at
>>> <https://archive.apache.org/dist/openoffice/4.1.2-patch1>.
>>
>> Please remember that it's just a draft of what is available at the
>> moment. ;-) That's why the URLs for source and binaries differ already.
>> Of course all URLs will change when everything is available at dist/ and
>> no longer dev/.
>>
>> RECOMMENDATION: In the Download&   Installation table, make all URLS
>> *RELATIVE* to the HotFix page, since when it is staged to release and
>> then to archive, the links will always work.
>>>        NOTE. When we make general distribution, we stage the HotFix
>> HTML page and the binaries subfolder to
>>> <https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1>
>> using SVN copies.  In 24-48 hours or so that material will show up
>> automatically on archive.apache.org and we can make the general
>> distribution announcement.  The dist.apache.org materials can be removed
>> when that happens.  WARNING. The Windows material is not ready, and some
>> renaming will happen.  That should all be done by the end of Tuesday
>> (GMT).
>>
>> The current location of the hotfix webpage is of course is not the final
>> one. It will be there where the other webpages are: at w.oo.o.
>>
>> I've just put it into SVN to have it not yet on the public OO website.
> [orcmid]
>
> LOL.  I thought that is where you wanted to keep it [;<).  Because it is so specific to this HotFix, I think it would be great to leave it with the downloads and the archive.apache.org site, but link to it from openoffice.org.
>
>>
>>>     3. Next Step under Download and Installation.  The README for
>> Windows addresses the way to Unzip and provides important information
>> about how the extract is into a folder of a default-determined name.  I
>> don't know if the others provide comparable information and/or operating
>> from a terminal is assumed.
>>
>> Yes, more (Linux) or less (Mac) it should be comparable.
>>
>>>     4. How to verify the download&   installation.  Verifying the Zip is
>> sufficient.  The table does not identify the files those check cases are
>> from so it is not at all clear what value this is.  RECOMMENDATION: If
>> it is valuable, we should include the additional hashes inside the Zips,
>> and provide the size and time stamp information in the individual README
>> files.
>>
>> Yes, right. "Old file" and "New file" is for sure not exact enough which
>> file it is about. And the other file-based data can be moved to the
>> Readme's, too.
>>
>>   >  That way there is no redundancy and the information is maintained in
>>   >  exactly one place.
>>
>> <nitpicker>
>> Ahm, no. ;-) At the moment we have it at a single place. When we split
>> it into the 4 Readme's then we have 4 places to maintain.
>> </nitpicker>
>>
>> But at the end you are right. The webpage contains some details that
>> should be moved to the respective Readme.
>>
>> I'll finish the changes when I'm back from a trip on Thursday or Friday.

I want to change my mind:
Let's skip these changes and keep this in mind for the next time. I just 
would do the Readme changes - that I've already suggested in a previous 
mail - for Mac and both Linux *outside* of the ZIP file.

And then let's do the release. Otherwise we would go another leap and 
another one and ... ;-)

What do you think?

Marcus

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


RE: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by "Dennis E. Hamilton" <de...@acm.org>.

> -----Original Message-----
> From: Marcus [mailto:marcus.mail@wtnet.de]
> Sent: Monday, August 15, 2016 13:43
> To: dev@openoffice.apache.org
> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> 
> Am 08/15/2016 09:10 PM, schrieb Dennis E. Hamilton:
> >
> >> -----Original Message-----
> >> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
> >> Sent: Monday, August 15, 2016 08:59
> >> To: dev@openoffice.apache.org
> >> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> >>
> >> On 08/13/2016 02:16 PM, Marcus wrote:
> >>> As we have now the patched library file and Readme for all
> platforms,
> >>> IMHO not much more is needed to go public with the hotfix. Therefore
> >>> I've created a draft version of the hotfix download webpage:
> >>>
> >>> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> >> patch1/hotfix.html
> >>>
> >>> Please review and tell me your feedback.
> > [orcmid]
> >
> > I have a number of items.  I can fix the URLs in (2) below after I
> have updated the Windows set.
> >
> >    1. This is worded as if it is the advisory.  I assume this is,
> rather, something that should be linked to from an update of the
> advisory.  I request that it be a description of the HotFix.  It could
> link to the advisory, of course.  RECOMMENDATION: Have the emphasis be
> on this describing release of the hotfix for CVE-2016-1513.
> 
> OK, seems indeed not clear enough.
> 
> >    2. Download and Installation.  Currently, this page is at
> > <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and source
> and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page and
> all of the binaries and source pages will be at
> > <https://archive.apache.org/dist/openoffice/4.1.2-patch1>.
> 
> Please remember that it's just a draft of what is available at the
> moment. ;-) That's why the URLs for source and binaries differ already.
> Of course all URLs will change when everything is available at dist/ and
> no longer dev/.
> 
> RECOMMENDATION: In the Download&  Installation table, make all URLS
> *RELATIVE* to the HotFix page, since when it is staged to release and
> then to archive, the links will always work.
> >       NOTE. When we make general distribution, we stage the HotFix
> HTML page and the binaries subfolder to
> > <https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1>
> using SVN copies.  In 24-48 hours or so that material will show up
> automatically on archive.apache.org and we can make the general
> distribution announcement.  The dist.apache.org materials can be removed
> when that happens.  WARNING. The Windows material is not ready, and some
> renaming will happen.  That should all be done by the end of Tuesday
> (GMT).
> 
> The current location of the hotfix webpage is of course is not the final
> one. It will be there where the other webpages are: at w.oo.o.
> 
> I've just put it into SVN to have it not yet on the public OO website.
[orcmid] 

LOL.  I thought that is where you wanted to keep it [;<).  Because it is so specific to this HotFix, I think it would be great to leave it with the downloads and the archive.apache.org site, but link to it from openoffice.org. 
 
> 
> >    3. Next Step under Download and Installation.  The README for
> Windows addresses the way to Unzip and provides important information
> about how the extract is into a folder of a default-determined name.  I
> don't know if the others provide comparable information and/or operating
> from a terminal is assumed.
> 
> Yes, more (Linux) or less (Mac) it should be comparable.
> 
> >    4. How to verify the download&  installation.  Verifying the Zip is
> sufficient.  The table does not identify the files those check cases are
> from so it is not at all clear what value this is.  RECOMMENDATION: If
> it is valuable, we should include the additional hashes inside the Zips,
> and provide the size and time stamp information in the individual README
> files.
> 
> Yes, right. "Old file" and "New file" is for sure not exact enough which
> file it is about. And the other file-based data can be moved to the
> Readme's, too.
> 
>  > That way there is no redundancy and the information is maintained in
>  > exactly one place.
> 
> <nitpicker>
> Ahm, no. ;-) At the moment we have it at a single place. When we split
> it into the 4 Readme's then we have 4 places to maintain.
> </nitpicker>
> 
> But at the end you are right. The webpage contains some details that
> should be moved to the respective Readme.
> 
> I'll finish the changes when I'm back from a trip on Thursday or Friday.
> 
> Thanks for your feedback.
> 
> Marcus
> 
> 
> 
> >> Looks good to me.
> >>
> >> --
> >> Kay Schenk
> >> Apache OpenOffice
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Re: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by Marcus <ma...@wtnet.de>.
Am 08/15/2016 09:10 PM, schrieb Dennis E. Hamilton:
>
>> -----Original Message-----
>> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
>> Sent: Monday, August 15, 2016 08:59
>> To: dev@openoffice.apache.org
>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
>>
>> On 08/13/2016 02:16 PM, Marcus wrote:
>>> As we have now the patched library file and Readme for all platforms,
>>> IMHO not much more is needed to go public with the hotfix. Therefore
>>> I've created a draft version of the hotfix download webpage:
>>>
>>> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
>> patch1/hotfix.html
>>>
>>> Please review and tell me your feedback.
> [orcmid]
>
> I have a number of items.  I can fix the URLs in (2) below after I have updated the Windows set.
>
>    1. This is worded as if it is the advisory.  I assume this is, rather, something that should be linked to from an update of the advisory.  I request that it be a description of the HotFix.  It could link to the advisory, of course.  RECOMMENDATION: Have the emphasis be on this describing release of the hotfix for CVE-2016-1513.

OK, seems indeed not clear enough.

>    2. Download and Installation.  Currently, this page is at
> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and source and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page and all of the binaries and source pages will be at
> <https://archive.apache.org/dist/openoffice/4.1.2-patch1>.

Please remember that it's just a draft of what is available at the 
moment. ;-) That's why the URLs for source and binaries differ already. 
Of course all URLs will change when everything is available at dist/ and 
no longer dev/.

RECOMMENDATION: In the Download&  Installation table, make all URLS 
*RELATIVE* to the HotFix page, since when it is staged to release and 
then to archive, the links will always work.
>       NOTE. When we make general distribution, we stage the HotFix HTML page and the binaries subfolder to
> <https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1>  using SVN copies.  In 24-48 hours or so that material will show up automatically on archive.apache.org and we can make the general distribution announcement.  The dist.apache.org materials can be removed when that happens.  WARNING. The Windows material is not ready, and some renaming will happen.  That should all be done by the end of Tuesday (GMT).

The current location of the hotfix webpage is of course is not the final 
one. It will be there where the other webpages are: at w.oo.o.

I've just put it into SVN to have it not yet on the public OO website.

>    3. Next Step under Download and Installation.  The README for Windows addresses the way to Unzip and provides important information about how the extract is into a folder of a default-determined name.  I don't know if the others provide comparable information and/or operating from a terminal is assumed.

Yes, more (Linux) or less (Mac) it should be comparable.

>    4. How to verify the download&  installation.  Verifying the Zip is sufficient.  The table does not identify the files those check cases are from so it is not at all clear what value this is.  RECOMMENDATION: If it is valuable, we should include the additional hashes inside the Zips, and provide the size and time stamp information in the individual README files.

Yes, right. "Old file" and "New file" is for sure not exact enough which 
file it is about. And the other file-based data can be moved to the 
Readme's, too.

 > That way there is no redundancy and the information is maintained in
 > exactly one place.

<nitpicker>
Ahm, no. ;-) At the moment we have it at a single place. When we split 
it into the 4 Readme's then we have 4 places to maintain.
</nitpicker>

But at the end you are right. The webpage contains some details that 
should be moved to the respective Readme.

I'll finish the changes when I'm back from a trip on Thursday or Friday.

Thanks for your feedback.

Marcus



>> Looks good to me.
>>
>> --
>> Kay Schenk
>> Apache OpenOffice

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


RE: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by "Dennis E. Hamilton" <de...@acm.org>.

> -----Original Message-----
> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
> Sent: Monday, August 15, 2016 08:59
> To: dev@openoffice.apache.org
> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> 
> 
> 
> On 08/13/2016 02:16 PM, Marcus wrote:
> > As we have now the patched library file and Readme for all platforms,
> > IMHO not much more is needed to go public with the hotfix. Therefore
> > I've created a draft version of the hotfix download webpage:
> >
> > http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> patch1/hotfix.html
> >
> > Please review and tell me your feedback.
[orcmid] 

I have a number of items.  I can fix the URLs in (2) below after I have updated the Windows set.

  1. This is worded as if it is the advisory.  I assume this is, rather, something that should be linked to from an update of the advisory.  I request that it be a description of the HotFix.  It could link to the advisory, of course.  RECOMMENDATION: Have the emphasis be on this describing release of the hotfix for CVE-2016-1513.

  2. Download and Installation.  Currently, this page is at 
<https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and source and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page and all of the binaries and source pages will be at 
<https://archive.apache.org/dist/openoffice/4.1.2-patch1>.  RECOMMENDATION: In the Download & Installation table, make all URLS *RELATIVE* to the HotFix page, since when it is staged to release and then to archive, the links will always work.  
     NOTE. When we make general distribution, we stage the HotFix HTML page and the binaries subfolder to 
<https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1> using SVN copies.  In 24-48 hours or so that material will show up automatically on archive.apache.org and we can make the general distribution announcement.  The dist.apache.org materials can be removed when that happens.  WARNING. The Windows material is not ready, and some renaming will happen.  That should all be done by the end of Tuesday (GMT).  

  3. Next Step under Download and Installation.  The README for Windows addresses the way to Unzip and provides important information about how the extract is into a folder of a default-determined name.  I don't know if the others provide comparable information and/or operating from a terminal is assumed.

  4. How to verify the download & installation.  Verifying the Zip is sufficient.  The table does not identify the files those check cases are from so it is not at all clear what value this is.  RECOMMENDATION: If it is valuable, we should include the additional hashes inside the Zips, and provide the size and time stamp information in the individual README files.  That way there is no redundancy and the information is maintained in exactly one place.  

 - Dennis
  

> >
> > Thanks
> >
> > Marcus
> 
> Looks good to me.
> 
> 
> --
> Kay Schenk
> Apache OpenOffice
> 
> ----------------------------------------
> "Things work out best for those who make
>  the best of the way things work out."
>                          -- John Wooden
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Re: [PATCH DOWNLOAD] Draft for the hotfix webpage

Posted by "Kay Schenk@apache.org" <ks...@apache.org>.

On 08/13/2016 02:16 PM, Marcus wrote:
> As we have now the patched library file and Readme for all platforms,
> IMHO not much more is needed to go public with the hotfix. Therefore
> I've created a draft version of the hotfix download webpage:
> 
> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/hotfix.html
> 
> Please review and tell me your feedback.
> 
> Thanks
> 
> Marcus

Looks good to me.


-- 
Kay Schenk
Apache OpenOffice

----------------------------------------
"Things work out best for those who make
 the best of the way things work out."
                         -- John Wooden

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org