You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by bu...@apache.org on 2016/10/28 03:19:03 UTC
4.1.4_release_blocker requested: [Issue 127197] Bundling
msvcr100.dll is error-prone, insecure and hard to maintain
Ariel Constenla-Haile <ar...@apache.org> has asked for
4.1.4_release_blocker:
Issue 127197: Bundling msvcr100.dll is error-prone, insecure and hard to
maintain
https://bz.apache.org/ooo/show_bug.cgi?id=127197
--- Comment #1 from Ariel Constenla-Haile <ar...@apache.org> ---
Including the Visual C++ 2010 Redistributable Package x86 (we don't need the 64
bit version, because AOO is a 32 bit application and so it cannot load a 64 bit
JVM) increases a little the size of the installer:
135M Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
143M Apache_OpenOffice_4.1.4_Win_x86_install_en-US.exe
The options are:
1) bundle the updated 32 version of msvcr100.dll
2) bundle the Visual C++ 2010 Redistributable Package
3) do not bundle anything, and advice the users to install the Visual C++ 2010
Redistributable Package by themselves
You can test with the installers at http://home.apache.org/~arielch/AOO414/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org
Re: 4.1.4_release_blocker requested: [Issue 127197] Bundling
msvcr100.dll is error-prone, insecure and hard to maintain
Posted by Pedro <pe...@openmailbox.org>.
Hi Ariel
Answering your comment on bugzilla
> > 1) bundle the updated 32 version of msvcr100.dll > > Yes, please!
Note the downside of bundling this library: if MS discovers a vulnerability and releases a new version,
we will be forced to provide a new release just because of this.
If MS finds a security issue then it is a good reason for releasing a
new version (even if nothing else changed, which hopefully is not the
case...) Now that the build tools are organized that should not be an
obstacle to simplifying the installer.
It is still not clear to me why the MSVC 2008 Libraries need to be
installed first. Why can't the required files be included in the
\program\ folder with the other DLLs? That is what all Windows programs
do (e.g. Java itself)...
Cheers,
Pedro
On 28/10/2016 04:19, bugzilla@apache.org wrote:
> Ariel Constenla-Haile <ar...@apache.org> has asked for
> 4.1.4_release_blocker:
> Issue 127197: Bundling msvcr100.dll is error-prone, insecure and hard to
> maintain
> https://bz.apache.org/ooo/show_bug.cgi?id=127197
>
>
>
> --- Comment #1 from Ariel Constenla-Haile <ar...@apache.org> ---
> Including the Visual C++ 2010 Redistributable Package x86 (we don't need the 64
> bit version, because AOO is a 32 bit application and so it cannot load a 64 bit
> JVM) increases a little the size of the installer:
>
> 135M Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
> 143M Apache_OpenOffice_4.1.4_Win_x86_install_en-US.exe
>
> The options are:
>
> 1) bundle the updated 32 version of msvcr100.dll
>
> 2) bundle the Visual C++ 2010 Redistributable Package
>
> 3) do not bundle anything, and advice the users to install the Visual C++ 2010
> Redistributable Package by themselves
>
> You can test with the installers at http://home.apache.org/~arielch/AOO414/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>