To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=61685





------- Additional comments from [EMAIL PROTECTED] Thu Feb  9 14:05:05 -0800 
2006 -------
Just some additional comments on the perception of EE's.

Here, http://www.networkworld.com/newsletters/sec/0327sec1.html , an older
article about security.  Notice this part:

"How much space in the source and object code does this Easter egg take? How
much RAM and disk space are being wasted by all the people who have installed
and are using this product? And much more seriously, what does this Easter egg
imply about the quality assurance at the manufacturer's offices?

An Easter egg is presumably undocumented code - or at least, it's undocumented
for the users. ...I think the failure implies that there is no test-coverage
monitoring in that quality assurance process."

In the article, the author is talking about MS products.  Do we really want OOo
to be substituted and the target of analysis like this?

Here, http://www.soci.niu.edu/~rslade/secgloss.htm , we have a glossary of among
other things, information security terms.  Here is part of what is said about 
EE's:

"Opinion regarding easter eggs varies, from those who see them as simply
harmless jokes to those who consider the more complex inclusions to be trojan
horses. In general, however, the practice of including easter eggs and other
undocumented code in programs is detrimental to strict security."

By continuing to include the EE's, OOo may be practicing something that is
considered "detrimental to strict security".  Is that the message we want
potential users to get?

Finally, here http://www.newsforge.com/article.pl?sid=05/12/01/161213 we have a
parody that was written just this past December about aliens (real aliens, like
little green men from space) inserting malicious code into OSS projects like
Linux.  The thing about writing something like this is that it must contain
little gems of truth to it and introduce concepts that are silly.  Down near the
end we find this:

"As mentioned above, Windows is far too secure to be compromised by an alien.
Not only that -- and this is the important part -- there is no way for that
alien to hide code within Windows itself, while it could easily become a Linux
kernel contributor and slip its nefarious Easter eggs into Linux."

Why is that funny?  Obviously because there is a belief that, thanks to the OSS
programming method, the presence of Easter eggs in Linux is ridiculous.  And it
is probably equally ridiculous for other major OSS apps (which I think OOo is
one).  Yet here we are with EE's included in the code.

While I appreciate the position of the programmers and others who don't mind the
EE's, I fear there is far more of a downside to including them than there is an
upside.  Yes, the downside may be based a lot on perceptions.  Unfortunately, it
is far too common in this day and age that perceptions = reality.  And as we try
to push for wider adoption of OOo, this is one perception that we should not
have to battle if it can be corrected.

Once again, thanks for your consideration!

Jeff Causey

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to