On 03/27/2016 03:37 PM, Don Lewis wrote:
> On 27 Mar, Andrea Pescetti wrote:
>> On 29/01/2016 Andrea Pescetti wrote:
>>> For 4.2.0 we need a Release Manager. I would prefer NOT to be the
>>> Release Manager for 4.2.0 since I'm finding that in this period I can
>>> help more productively with tasks that do not require constant
>>> interaction ...
>>> I am surely available to have a significant role in the 4.2.0 release
>>
>> A few days after writing this, almost 2 months ago, sudden events left
>> me incapacitated to make any significant contributions until very
>> recently. I'm still unable to make long-term commitments.
>>
>> Anyway, there are some issues we need to get done as a team before
>> appointing a release manager makes sense:
>>
>> 1) Enough code. Done. The merge of the recent gbuild work totally
>> justifies a 4.2.0 release. Also, in 4.1.2 we only included a tiny
>> fraction of the fixes that (at that time) were available on trunk. So
>> here we are already OK, and we've been OK for months.
>
> Some of the external software that is bundled has security issues. I
> put together a patch for nss here:
> <https://bz.apache.org/ooo/show_bug.cgi?id=126891>.
>
> The version of libxml currently bundled also has a lot of known
> vulnerabilities. I'm currently testing a patch.
>
> These both need review and testing.

Ok, I'll keep my eyes open for the libxml patch and test with your already supplied nss patch.

> The versions of openssl and curl badly need updating for the same
> reason, and there is one CVE for serf.
>
> There is a CVE for raptor-1.4.18, but I believe there was a cherry
> picked patch committed for that.
>
> There are likely to be vulnerabilities in the bundled version of
> silgraphite, but it has been unmaintained upstream for quite some time.
> Ideally we would switch to Graphite2, but the API is radically different
> and this looks difficult. The unattractive alternative is to look at
> the additional sanity checks added in recent Graphite2 commits and try
> to retrofit those into silgraphite.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org

--
--------------------------------------------
MzK

"Time spent with cats is never wasted."
                       -- Sigmund Freud