You are viewing a plain text version of this content. The canonical link for it is here.
Posted to qa@openoffice.apache.org by Jürgen Schmidt <jo...@gmail.com> on 2014/04/14 10:21:15 UTC
[RELEASE]: RC3 available
Hi,
the RC3 build (rev. 1586584) is uploading and most of the files are
already available. Only 32 bit language packs for Linux are currently
missing.
I plan to start a vote later today but would like to invite everybody to
test the new build already ...
https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
Juergen
---------------------------------------------------------------------
To unsubscribe, e-mail: qa-unsubscribe@openoffice.apache.org
For additional commands, e-mail: qa-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by Jürgen Schmidt <jo...@gmail.com>.
On 4/16/14 3:28 PM, Jürgen Schmidt wrote:
> On 4/15/14 4:14 PM, imacat wrote:
>> Hi,
>>
>> On 2014/04/14 16:21, Jürgen Schmidt said:
>>> the RC3 build (rev. 1586584) is uploading and most of the files
>>> are already available. Only 32 bit language packs for Linux are
>>> currently missing.
>>>
>>> I plan to start a vote later today but would like to invite
>>> everybody to test the new build already ...
>>>
>>> https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
>>
>>>
>> I found that I cannot digitally sign my documents with 4.1 as 4.0
>> anymore. Is it a planned change, or a bug?
>
> can you provide more information how exactly you did it in 4.0? I am
> not very familiar with document signing and haven't signed a document
> before. The information I found is not clear to me and the behaviour
> is always the same in 4.0, 4.0.1 and 4.1 at least on Mac. I have a
> self signed cert created ...
>
> Does anybody know more about document signing and how it is intended
> to work?
Ok I did some Easter learning and I can confirm that this feature is
broken (on Mac and Linux) because of the removal of the mozilla
libraries. On Windows it is still working because here the Windows
certificate store is already used. It's not nice and we have to fix this
asap but that will take time and is not possible for AOO 4.1.
Nevertheless would I like to propose to continue with the AOO 4.1
release. I believe to remember that we proposed and agreed on the
removal of the mozilla libraries to get rid of this ugly old stuff.
Users who require this features on Mac and Linux have to wait for the
next release.
Juergen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by Jürgen Schmidt <jo...@gmail.com>.
On 4/17/14 9:50 AM, Rory O'Farrell wrote:
> On Thu, 17 Apr 2014 09:40:25 +0200
> Andrea Pescetti <pe...@apache.org> wrote:
>
>> Juergen Schmidt wrote:
>>> Am Donnerstag, 17. April 2014 um 01:04 schrieb Andrea Pescetti:
>>>> It seems rather serious. I expect that "ordinary" private users are
>>>> not affected so much, but corporate or institutional users may be.
>>> this is very speculative and I am not aware of any reported problem
>>> until now.
>>
>> Indeed this is just my expectation. I would like to ask the mailing
>> lists for some dedicated testing and evaluation, as I wrote. But I can't
>> even give users the link since our CI server is broken and nobody can
>> download RC3 at the moment.
>>
>> I described the four "lost features" from Mozilla we identified so far
>> (this one and the three from the release notes) and asked on the mailing
>> lists in Italian if somebody is using them.
>> http://mail-archives.apache.org/mod_mbox/openoffice-utenti-it/201404.mbox/%3C534F8104.20408%40apache.org%3E
>> (why the Italian lists? because digital signatures in OpenOffice are a
>> topic that I've seen discussed there over the years) Does it make sense
>> to send a warning to the international users list too?
>>
>>> Do we really want stop the current 4.1 release that is probably good
>>> for > 95% of our users?
>>
>> We are estimating with no knowledge. A quick e-mail discussion on the
>> users list would give us better information on whether we are dropping
>> something critical for users or not. Then I perfectly understand that we
>> have to deliver 4.1.0 in a reasonable timeframe and that we have no
>> immediate solution for this removed feature.
>>
>> Ideally, we should at least conclude that:
>>
>> 1) the Windows version is completely unaffected (best way: ask people
>> who rely on these features to test with the Beta or RC3)
>>
>> 2) the feature is not seen as critical in other environments (it isn't
>> for me, it isn't for you; but we may be missing some important use cases).
>>
>>> I would go for the release, fix it and release a 4.1.1 when a fix is
>>> available.
>>
>> If we are committed to fix it in 4.1.1 this is important to say too.
>>
>> Regards,
>> Andrea.
>
> Another possibility: I am not au fait with Digital Signatures so may be utterly off target
>
> Would it be possible to (quickly) develop an extension that provided the Digital Signature functionality? Then release of OO 4.1 could continue as planned, with the Digital Signature functionality available by such an add-on?
>
probably not easy ;-)
We should discuss the this feature in a separate thread because I see
many open question about it in general... But the good news is that it
still works on Windows and I am very confident that it works completely.
Juergen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by Rory O'Farrell <of...@iol.ie>.
On Thu, 17 Apr 2014 09:40:25 +0200
Andrea Pescetti <pe...@apache.org> wrote:
> Juergen Schmidt wrote:
> > Am Donnerstag, 17. April 2014 um 01:04 schrieb Andrea Pescetti:
> >> It seems rather serious. I expect that "ordinary" private users are
> >> not affected so much, but corporate or institutional users may be.
> > this is very speculative and I am not aware of any reported problem
> > until now.
>
> Indeed this is just my expectation. I would like to ask the mailing
> lists for some dedicated testing and evaluation, as I wrote. But I can't
> even give users the link since our CI server is broken and nobody can
> download RC3 at the moment.
>
> I described the four "lost features" from Mozilla we identified so far
> (this one and the three from the release notes) and asked on the mailing
> lists in Italian if somebody is using them.
> http://mail-archives.apache.org/mod_mbox/openoffice-utenti-it/201404.mbox/%3C534F8104.20408%40apache.org%3E
> (why the Italian lists? because digital signatures in OpenOffice are a
> topic that I've seen discussed there over the years) Does it make sense
> to send a warning to the international users list too?
>
> > Do we really want stop the current 4.1 release that is probably good
> > for > 95% of our users?
>
> We are estimating with no knowledge. A quick e-mail discussion on the
> users list would give us better information on whether we are dropping
> something critical for users or not. Then I perfectly understand that we
> have to deliver 4.1.0 in a reasonable timeframe and that we have no
> immediate solution for this removed feature.
>
> Ideally, we should at least conclude that:
>
> 1) the Windows version is completely unaffected (best way: ask people
> who rely on these features to test with the Beta or RC3)
>
> 2) the feature is not seen as critical in other environments (it isn't
> for me, it isn't for you; but we may be missing some important use cases).
>
> > I would go for the release, fix it and release a 4.1.1 when a fix is
> > available.
>
> If we are committed to fix it in 4.1.1 this is important to say too.
>
> Regards,
> Andrea.
Another possibility: I am not au fait with Digital Signatures so may be utterly off target
Would it be possible to (quickly) develop an extension that provided the Digital Signature functionality? Then release of OO 4.1 could continue as planned, with the Digital Signature functionality available by such an add-on?
--
Rory O'Farrell <of...@iol.ie>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by Andrea Pescetti <pe...@apache.org>.
Juergen Schmidt wrote:
> Am Donnerstag, 17. April 2014 um 01:04 schrieb Andrea Pescetti:
>> It seems rather serious. I expect that "ordinary" private users are
>> not affected so much, but corporate or institutional users may be.
> this is very speculative and I am not aware of any reported problem
> until now.
Indeed this is just my expectation. I would like to ask the mailing
lists for some dedicated testing and evaluation, as I wrote. But I can't
even give users the link since our CI server is broken and nobody can
download RC3 at the moment.
I described the four "lost features" from Mozilla we identified so far
(this one and the three from the release notes) and asked on the mailing
lists in Italian if somebody is using them.
http://mail-archives.apache.org/mod_mbox/openoffice-utenti-it/201404.mbox/%3C534F8104.20408%40apache.org%3E
(why the Italian lists? because digital signatures in OpenOffice are a
topic that I've seen discussed there over the years) Does it make sense
to send a warning to the international users list too?
> Do we really want stop the current 4.1 release that is probably good
> for > 95% of our users?
We are estimating with no knowledge. A quick e-mail discussion on the
users list would give us better information on whether we are dropping
something critical for users or not. Then I perfectly understand that we
have to deliver 4.1.0 in a reasonable timeframe and that we have no
immediate solution for this removed feature.
Ideally, we should at least conclude that:
1) the Windows version is completely unaffected (best way: ask people
who rely on these features to test with the Beta or RC3)
2) the feature is not seen as critical in other environments (it isn't
for me, it isn't for you; but we may be missing some important use cases).
> I would go for the release, fix it and release a 4.1.1 when a fix is
> available.
If we are committed to fix it in 4.1.1 this is important to say too.
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by Juergen Schmidt <jo...@gmail.com>.
Am Donnerstag, 17. April 2014 um 01:04 schrieb Andrea Pescetti:
> Juergen Schmidt wrote:
> > Am Mittwoch, 16. April 2014 um 19:03 schrieb imacat:
> > > Sorry I found this problem too late.
> >
> > well it is indeed unfortunately but shows also that this feature is not very often used. It seems at least so.
> >
>
>
> It seems rather serious. I expect that "ordinary" private users are not
> affected so much, but corporate or institutional users may be.
>
>
this is very speculative and I am not aware of any reported problem until now. I agree that we have to fix this asap but it is not so easy and takes time. On Mac we have to access the keychain and use the certs from there. It's comparable to windows. But on Linux I am not sure if there exist something similar or if we have to rely on the mozilla cert store.
Do we really want stop the current 4.1 release that is probably good for > 95% of our users? For a problem that was not reported over month.
I would go for the release, fix it and release a 4.1.1 when a fix is available. But I would like to know if it still works on Windows where most of our users come from.
Juergen
> One thing
> we could do is to call for specific testing on mailing lists, so that
> these "power users" can compare 4.0.1 and 4.1.0-RC3 in their concrete
> experience on Linux/Mac. But we'll need the snapshots to be reachable
> again (due to the already discussed infra problems) for this.
>
> It's true that removal of Mozilla libraries was discussed and approved,
> but the side effects at the time were believed to be almost irrelevant
> with respect to this newly found one.
>
> And thanks Imacat for reporting this... better late than after release!
> Shall we capture it in Bugzilla with your instructions?
>
> Regards,
> Andrea.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
>
Re: [RELEASE]: RC3 available
Posted by imacat <im...@mail.imacat.idv.tw>.
On 2014/04/17 07:04, Andrea Pescetti said:
> Juergen Schmidt wrote:
>> Am Mittwoch, 16. April 2014 um 19:03 schrieb imacat:
>>> Sorry I found this problem too late.
>> well it is indeed unfortunately but shows also that this feature is
>> not very often used. It seems at least so.
>
> It seems rather serious. I expect that "ordinary" private users are not
> affected so much, but corporate or institutional users may be. One thing
> we could do is to call for specific testing on mailing lists, so that
> these "power users" can compare 4.0.1 and 4.1.0-RC3 in their concrete
> experience on Linux/Mac. But we'll need the snapshots to be reachable
> again (due to the already discussed infra problems) for this.
>
> It's true that removal of Mozilla libraries was discussed and approved,
> but the side effects at the time were believed to be almost irrelevant
> with respect to this newly found one.
>
> And thanks Imacat for reporting this... better late than after release!
> Shall we capture it in Bugzilla with your instructions?
Sure! I cannot log on to bugzilla now, still investigating.
P.S. To sign the macros: Start the Basic IDE, navigate to the document
macro, and select [File]->[Digital signature].
>
> Regards,
> Andrea.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
--
Best regards,
imacat ^_*' <im...@mail.imacat.idv.tw>
PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's http://www.imacat.idv.tw/
Woman in FOSS in Taiwan http://wofoss.blogspot.com/
OpenOffice http://www.openoffice.org/
EducOO/OOo4Kids Taiwan http://www.educoo.tw/
Greenfoot Taiwan http://greenfoot.westart.tw/
Re: [RELEASE]: RC3 available
Posted by Andrea Pescetti <pe...@apache.org>.
Juergen Schmidt wrote:
> Am Mittwoch, 16. April 2014 um 19:03 schrieb imacat:
>> Sorry I found this problem too late.
> well it is indeed unfortunately but shows also that this feature is not very often used. It seems at least so.
It seems rather serious. I expect that "ordinary" private users are not
affected so much, but corporate or institutional users may be. One thing
we could do is to call for specific testing on mailing lists, so that
these "power users" can compare 4.0.1 and 4.1.0-RC3 in their concrete
experience on Linux/Mac. But we'll need the snapshots to be reachable
again (due to the already discussed infra problems) for this.
It's true that removal of Mozilla libraries was discussed and approved,
but the side effects at the time were believed to be almost irrelevant
with respect to this newly found one.
And thanks Imacat for reporting this... better late than after release!
Shall we capture it in Bugzilla with your instructions?
Regards,
Andrea.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by Juergen Schmidt <jo...@gmail.com>.
Am Mittwoch, 16. April 2014 um 19:03 schrieb imacat:
> On 2014/04/16 23:58, Rob Weir said:
> > On Wed, Apr 16, 2014 at 11:31 AM, imacat <im...@mail.imacat.idv.tw> wrote:
> > > On 2014/04/16 21:28, Jürgen Schmidt said:
> > > > On 4/15/14 4:14 PM, imacat wrote:
> > > > > On 2014/04/14 16:21, Jürgen Schmidt said:
> > > > > > the RC3 build (rev. 1586584) is uploading and most of the files
> > > > > > are already available. Only 32 bit language packs for Linux are
> > > > > > currently missing.
> > > > > >
> > > > > > I plan to start a vote later today but would like to invite
> > > > > > everybody to test the new build already ...
> > > > > >
> > > > > > https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
> > > > > I found that I cannot digitally sign my documents with 4.1 as 4.0
> > > > > anymore. Is it a planned change, or a bug?
> > > > >
> > > >
> > > >
> > > > can you provide more information how exactly you did it in 4.0? I am
> > > > not very familiar with document signing and haven't signed a document
> > > > before. The information I found is not clear to me and the behaviour
> > > > is always the same in 4.0, 4.0.1 and 4.1 at least on Mac. I have a
> > > > self signed cert created ...
> > > >
> > >
> > >
> > > On Linux, OpenOffice document signature is done via the Mozilla
> > > firefox certificate store. On Windows, it is done via the Windows
> > > certificate store.
> > >
> > > I suppose the procedure is as follows:
> > >
> > > 1. Get/create a personal X.509 key/certificate with e-mail as the common
> > > name. Self-signed personal key/certificates should be OK.
> > >
> > > 2. Import it into the Mozilla firefox certificate store or Windows
> > > certificate store.
> > >
> > > 3. Close OpenOffice, including the quick run icon, if it is currently
> > > running. Restart it.
> > >
> > > 4. Save some document with something.
> > >
> > > 5. Sign the document from [File]=>[Digital Signature].
> > >
> > > Before 4.0, the personal key/certificate in the Mozilla certificate
> > > store will be shown in [File]=>[Digital Signature]. On 4.1, this is
> > > missing.
> > >
> > > Digital signature is an important part to OpenOffice macro security
> > > and document integrity. If this is unintended, we will have to do
> > > something to fix it.
> > >
> >
> >
> > So what happens to a document that was signed with AOO 4.0.1? Can you
> > read it in AOO 4.1? Can you verify the signature? Same for a signed
> > macro?
> >
>
>
> I understand Juergen's point on the removal of Mozilla library. But
> I'm not sure if we can take this lightly.
>
> Documents that were digitally signed can still be opened and edited,
> but their signatures cannot be verified, and they cannot be signed again
> once they are modified.
>
> Document macros that were digitally signed can still work if their
> signers were confirmed before. But these macros will not work for the
> first time on newer installations unless their users change their
> security method. Newer document macros cannot be signed anymore, and
> the users have to change their security method. I do not know if this
> is serious or not.
>
> Sorry I found this problem too late.
well it is indeed unfortunately but shows also that this feature is not very often used. It seems at least so.
For me it is still confusing, I don't see my certificates under trusted certs in the macro security dialog and have no clue how or where I can add trusted certs. But I can sign documents under Windows with a self signed cert. If the cert is added as trusted root cert it can be validated.
I will do more checks on Linux and Mac with an older version but have this really worked before?
Juergen
>
> >
> > I think it is important to know whether AOO 4.1 "fails safe" with
> > signed macros if it is unable to verify the signature. If a user has
> > set security to allow only execution of signed macros and AOO 4.1
> > permits them to be executed without being able to verify the
> > signature, then we have a much more serious problem. I'm not saying
> > that this problem exists, but we should check carefully to make sure
> > it is not a problem.
> >
> > -Rob
> >
> >
> > > >
> > > > Does anybody know more about document signing and how it is intended
> > > > to work?
> > > >
> > > > Juergen
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> > > > For additional commands, e-mail: dev-help@openoffice.apache.org
> > > >
> > >
> > >
> > >
> > > --
> > > Best regards,
> > > imacat ^_*' <im...@mail.imacat.idv.tw>
> > > PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
> > >
> > > <<Woman's Voice>> News: http://www.wov.idv.tw/
> > > Tavern IMACAT's http://www.imacat.idv.tw/
> > > Woman in FOSS in Taiwan http://wofoss.blogspot.com/
> > > OpenOffice http://www.openoffice.org/
> > > EducOO/OOo4Kids Taiwan http://www.educoo.tw/
> > > Greenfoot Taiwan http://greenfoot.westart.tw/
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> > For additional commands, e-mail: dev-help@openoffice.apache.org
> >
>
>
>
> --
> Best regards,
> imacat ^_*' <im...@mail.imacat.idv.tw>
> PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
>
> <<Woman's Voice>> News: http://www.wov.idv.tw/
> Tavern IMACAT's http://www.imacat.idv.tw/
> Woman in FOSS in Taiwan http://wofoss.blogspot.com/
> OpenOffice http://www.openoffice.org/
> EducOO/OOo4Kids Taiwan http://www.educoo.tw/
> Greenfoot Taiwan http://greenfoot.westart.tw/
>
>
Re: [RELEASE]: RC3 available
Posted by imacat <im...@mail.imacat.idv.tw>.
On 2014/04/16 23:58, Rob Weir said:
> On Wed, Apr 16, 2014 at 11:31 AM, imacat <im...@mail.imacat.idv.tw> wrote:
>> On 2014/04/16 21:28, Jürgen Schmidt said:
>>> On 4/15/14 4:14 PM, imacat wrote:
>>>> On 2014/04/14 16:21, Jürgen Schmidt said:
>>>>> the RC3 build (rev. 1586584) is uploading and most of the files
>>>>> are already available. Only 32 bit language packs for Linux are
>>>>> currently missing.
>>>>>
>>>>> I plan to start a vote later today but would like to invite
>>>>> everybody to test the new build already ...
>>>>>
>>>>> https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
>>>> I found that I cannot digitally sign my documents with 4.1 as 4.0
>>>> anymore. Is it a planned change, or a bug?
>>>
>>> can you provide more information how exactly you did it in 4.0? I am
>>> not very familiar with document signing and haven't signed a document
>>> before. The information I found is not clear to me and the behaviour
>>> is always the same in 4.0, 4.0.1 and 4.1 at least on Mac. I have a
>>> self signed cert created ...
>>
>> On Linux, OpenOffice document signature is done via the Mozilla
>> firefox certificate store. On Windows, it is done via the Windows
>> certificate store.
>>
>> I suppose the procedure is as follows:
>>
>> 1. Get/create a personal X.509 key/certificate with e-mail as the common
>> name. Self-signed personal key/certificates should be OK.
>>
>> 2. Import it into the Mozilla firefox certificate store or Windows
>> certificate store.
>>
>> 3. Close OpenOffice, including the quick run icon, if it is currently
>> running. Restart it.
>>
>> 4. Save some document with something.
>>
>> 5. Sign the document from [File]=>[Digital Signature].
>>
>> Before 4.0, the personal key/certificate in the Mozilla certificate
>> store will be shown in [File]=>[Digital Signature]. On 4.1, this is
>> missing.
>>
>> Digital signature is an important part to OpenOffice macro security
>> and document integrity. If this is unintended, we will have to do
>> something to fix it.
>>
>
> So what happens to a document that was signed with AOO 4.0.1? Can you
> read it in AOO 4.1? Can you verify the signature? Same for a signed
> macro?
I understand Juergen's point on the removal of Mozilla library. But
I'm not sure if we can take this lightly.
Documents that were digitally signed can still be opened and edited,
but their signatures cannot be verified, and they cannot be signed again
once they are modified.
Document macros that were digitally signed can still work if their
signers were confirmed before. But these macros will not work for the
first time on newer installations unless their users change their
security method. Newer document macros cannot be signed anymore, and
the users have to change their security method. I do not know if this
is serious or not.
Sorry I found this problem too late.
>
> I think it is important to know whether AOO 4.1 "fails safe" with
> signed macros if it is unable to verify the signature. If a user has
> set security to allow only execution of signed macros and AOO 4.1
> permits them to be executed without being able to verify the
> signature, then we have a much more serious problem. I'm not saying
> that this problem exists, but we should check carefully to make sure
> it is not a problem.
>
> -Rob
>
>
>>>
>>> Does anybody know more about document signing and how it is intended
>>> to work?
>>>
>>> Juergen
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>>
>>
>>
>> --
>> Best regards,
>> imacat ^_*' <im...@mail.imacat.idv.tw>
>> PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
>>
>> <<Woman's Voice>> News: http://www.wov.idv.tw/
>> Tavern IMACAT's http://www.imacat.idv.tw/
>> Woman in FOSS in Taiwan http://wofoss.blogspot.com/
>> OpenOffice http://www.openoffice.org/
>> EducOO/OOo4Kids Taiwan http://www.educoo.tw/
>> Greenfoot Taiwan http://greenfoot.westart.tw/
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
--
Best regards,
imacat ^_*' <im...@mail.imacat.idv.tw>
PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's http://www.imacat.idv.tw/
Woman in FOSS in Taiwan http://wofoss.blogspot.com/
OpenOffice http://www.openoffice.org/
EducOO/OOo4Kids Taiwan http://www.educoo.tw/
Greenfoot Taiwan http://greenfoot.westart.tw/
Re: [RELEASE]: RC3 available
Posted by Rob Weir <ro...@apache.org>.
On Wed, Apr 16, 2014 at 11:31 AM, imacat <im...@mail.imacat.idv.tw> wrote:
> On 2014/04/16 21:28, Jürgen Schmidt said:
>> On 4/15/14 4:14 PM, imacat wrote:
>>> On 2014/04/14 16:21, Jürgen Schmidt said:
>>>> the RC3 build (rev. 1586584) is uploading and most of the files
>>>> are already available. Only 32 bit language packs for Linux are
>>>> currently missing.
>>>>
>>>> I plan to start a vote later today but would like to invite
>>>> everybody to test the new build already ...
>>>>
>>>> https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
>>> I found that I cannot digitally sign my documents with 4.1 as 4.0
>>> anymore. Is it a planned change, or a bug?
>>
>> can you provide more information how exactly you did it in 4.0? I am
>> not very familiar with document signing and haven't signed a document
>> before. The information I found is not clear to me and the behaviour
>> is always the same in 4.0, 4.0.1 and 4.1 at least on Mac. I have a
>> self signed cert created ...
>
> On Linux, OpenOffice document signature is done via the Mozilla
> firefox certificate store. On Windows, it is done via the Windows
> certificate store.
>
> I suppose the procedure is as follows:
>
> 1. Get/create a personal X.509 key/certificate with e-mail as the common
> name. Self-signed personal key/certificates should be OK.
>
> 2. Import it into the Mozilla firefox certificate store or Windows
> certificate store.
>
> 3. Close OpenOffice, including the quick run icon, if it is currently
> running. Restart it.
>
> 4. Save some document with something.
>
> 5. Sign the document from [File]=>[Digital Signature].
>
> Before 4.0, the personal key/certificate in the Mozilla certificate
> store will be shown in [File]=>[Digital Signature]. On 4.1, this is
> missing.
>
> Digital signature is an important part to OpenOffice macro security
> and document integrity. If this is unintended, we will have to do
> something to fix it.
>
So what happens to a document that was signed with AOO 4.0.1? Can you
read it in AOO 4.1? Can you verify the signature? Same for a signed
macro?
I think it is important to know whether AOO 4.1 "fails safe" with
signed macros if it is unable to verify the signature. If a user has
set security to allow only execution of signed macros and AOO 4.1
permits them to be executed without being able to verify the
signature, then we have a much more serious problem. I'm not saying
that this problem exists, but we should check carefully to make sure
it is not a problem.
-Rob
>>
>> Does anybody know more about document signing and how it is intended
>> to work?
>>
>> Juergen
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
>> For additional commands, e-mail: dev-help@openoffice.apache.org
>>
>
>
> --
> Best regards,
> imacat ^_*' <im...@mail.imacat.idv.tw>
> PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
>
> <<Woman's Voice>> News: http://www.wov.idv.tw/
> Tavern IMACAT's http://www.imacat.idv.tw/
> Woman in FOSS in Taiwan http://wofoss.blogspot.com/
> OpenOffice http://www.openoffice.org/
> EducOO/OOo4Kids Taiwan http://www.educoo.tw/
> Greenfoot Taiwan http://greenfoot.westart.tw/
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by imacat <im...@mail.imacat.idv.tw>.
On 2014/04/16 21:28, Jürgen Schmidt said:
> On 4/15/14 4:14 PM, imacat wrote:
>> On 2014/04/14 16:21, Jürgen Schmidt said:
>>> the RC3 build (rev. 1586584) is uploading and most of the files
>>> are already available. Only 32 bit language packs for Linux are
>>> currently missing.
>>>
>>> I plan to start a vote later today but would like to invite
>>> everybody to test the new build already ...
>>>
>>> https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
>> I found that I cannot digitally sign my documents with 4.1 as 4.0
>> anymore. Is it a planned change, or a bug?
>
> can you provide more information how exactly you did it in 4.0? I am
> not very familiar with document signing and haven't signed a document
> before. The information I found is not clear to me and the behaviour
> is always the same in 4.0, 4.0.1 and 4.1 at least on Mac. I have a
> self signed cert created ...
On Linux, OpenOffice document signature is done via the Mozilla
firefox certificate store. On Windows, it is done via the Windows
certificate store.
I suppose the procedure is as follows:
1. Get/create a personal X.509 key/certificate with e-mail as the common
name. Self-signed personal key/certificates should be OK.
2. Import it into the Mozilla firefox certificate store or Windows
certificate store.
3. Close OpenOffice, including the quick run icon, if it is currently
running. Restart it.
4. Save some document with something.
5. Sign the document from [File]=>[Digital Signature].
Before 4.0, the personal key/certificate in the Mozilla certificate
store will be shown in [File]=>[Digital Signature]. On 4.1, this is
missing.
Digital signature is an important part to OpenOffice macro security
and document integrity. If this is unintended, we will have to do
something to fix it.
>
> Does anybody know more about document signing and how it is intended
> to work?
>
> Juergen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
--
Best regards,
imacat ^_*' <im...@mail.imacat.idv.tw>
PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's http://www.imacat.idv.tw/
Woman in FOSS in Taiwan http://wofoss.blogspot.com/
OpenOffice http://www.openoffice.org/
EducOO/OOo4Kids Taiwan http://www.educoo.tw/
Greenfoot Taiwan http://greenfoot.westart.tw/
Re: [RELEASE]: RC3 available
Posted by Jürgen Schmidt <jo...@gmail.com>.
On 4/15/14 4:14 PM, imacat wrote:
> Hi,
>
> On 2014/04/14 16:21, Jürgen Schmidt said:
>> the RC3 build (rev. 1586584) is uploading and most of the files
>> are already available. Only 32 bit language packs for Linux are
>> currently missing.
>>
>> I plan to start a vote later today but would like to invite
>> everybody to test the new build already ...
>>
>> https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
>
>>
> I found that I cannot digitally sign my documents with 4.1 as 4.0
> anymore. Is it a planned change, or a bug?
can you provide more information how exactly you did it in 4.0? I am
not very familiar with document signing and haven't signed a document
before. The information I found is not clear to me and the behaviour
is always the same in 4.0, 4.0.1 and 4.1 at least on Mac. I have a
self signed cert created ...
Does anybody know more about document signing and how it is intended
to work?
Juergen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: [RELEASE]: RC3 available
Posted by imacat <im...@mail.imacat.idv.tw>.
Hi,
On 2014/04/14 16:21, Jürgen Schmidt said:
> the RC3 build (rev. 1586584) is uploading and most of the files are
> already available. Only 32 bit language packs for Linux are currently
> missing.
>
> I plan to start a vote later today but would like to invite everybody to
> test the new build already ...
>
> https://cwiki.apache.org/confluence/display/OOOUSERS/Development+Snapshot+Builds
I found that I cannot digitally sign my documents with 4.1 as 4.0
anymore. Is it a planned change, or a bug?
>
> Juergen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
--
Best regards,
imacat ^_*' <im...@mail.imacat.idv.tw>
PGP Key http://www.imacat.idv.tw/me/pgpkey.asc
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's http://www.imacat.idv.tw/
Woman in FOSS in Taiwan http://wofoss.blogspot.com/
OpenOffice http://www.openoffice.org/
EducOO/OOo4Kids Taiwan http://www.educoo.tw/
Greenfoot Taiwan http://greenfoot.westart.tw/