Thanks for the list. Apart from the differences thing it looks good to me.
Marcus Am 07/24/2016 11:37 PM, schrieb Andrea Pescetti:
While the severity of the security bug we disclosed http://www.openoffice.org/security/cves/CVE-2016-1513.html is not particularly high (it is classified as "Medium" with no known exploits and anti-virus software can detect malicious documents), we should release an update incorporating the -already tested- patch we disclosed in the announcement. I assume we will want to keep the effort minimal. To do so, an outline would be: 1) We commit the patch to the AOO410 branch. This is the branch used for all the 4.1.x series. 4.2.0 isn't out yet, so 4.1.x is still our reference version. 2) We do not make any other changes to the AOO410 branch. This is really meant to be a minimal update. Even the version number in the source package will remain 4.1.2. 3) We tag the release as AOO4121 and build the corresponding source package, which will have 4.1.2.1 in its name (I mean the filename, nowhere else). 4) We don't prepare full end-user release binaries but we do supply repaired libraries for power users - remember the circumstances above. The bugfix modifies one library file, and we have binaries ready for several platforms already. 5) We vote on the source and possibly binaries. We advertise the availability of the new packages on our website, but we don't send out update notifications and we don't put the files on SourceForge. Does this look OK? Once this is done, we will probably want to open another discussion and see how we can coordinate for a release that incorporates more fixes or features and is made available in full form, with all localized installers, to end users. But the above is mostly aimed in having an official way to ship the existing patch.
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
