You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openoffice.apache.org by bu...@apache.org on 2015/11/27 19:26:56 UTC

[Issue 126703] New: Upgrade to Preferred Windows Installer Technique

https://bz.apache.org/ooo/show_bug.cgi?id=126703

          Issue ID: 126703
        Issue Type: TASK
           Summary: Upgrade to Preferred Windows Installer Technique
           Product: Installation
           Version: 4.1.1
          Hardware: All
               URL: http://seclists.org/fulldisclosure/2015/Nov/101
                OS: All
            Status: CONFIRMED
          Severity: Normal
          Priority: P5 (lowest)
         Component: ui
          Assignee: issues@openoffice.apache.org
          Reporter: orcmid@apache.org

This security-related message addresses important steps to be taken in
providing reliable installers on Windows,
http://seclists.org/fulldisclosure/2015/Nov/101

There are three aspects that apply to Apache OpenOffice

 1. Switching from an .exe installer to an .msi installer.  (This would
eliminate the strange behavior of unpacking a setup folder onto desktops and
leaving it there.)

 2. Having the .msi installer and all executable components digitally-signed
with embedded signatures recognized by Windows.

 3. Having registry entries and run-time loading for libraries and components
follow safe practices to prevent interception leading to operation of malicious
code.

There are other matters with regard to safe practices that apply to the
platform and that do not extend to Apache OpenOffice installation.  The above
three matter for demonstrating that the project is careful for the safety of
the users of our binary distributions on Windows.  

This might have some beneficial effect with regard to anti-virus false
positives and also discouraging the wrapping of AOO in installers that
piggy-back adware/malware and impose subscription/upgrade fees and otherwise
pass off as being authentic AOO distributions.

-- 
You are receiving this mail because:
You are the assignee for the issue.

[Issue 126703] Upgrade to Preferred Windows Installer Technique

Posted by bu...@apache.org.

https://bz.apache.org/ooo/show_bug.cgi?id=126703

Matthias Seidel <ms...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mseidel@apache.org

-- 
You are receiving this mail because:
You are the assignee for the issue.