This is mainly a summary of opinions I've already expressed on security@. The discussion does not actually involve anything that needs to be confidential, so it should be taking place on dev@ instead.
This is controversial - I expect replies disagreeing with my views. The point of this thread is to hash out the diverging opinions and reach a consensus: Although I has not yet happened, there is a risk that AOO could be the subject of an in-the-field exploit of some, as yet unknown, security vulnerability. If that happened, users would have to suspend using AOO until we get a fix to them in a form they can use. If that suspension went on too long, or any significant number of users were harmed, AOO would be dead. We need a plan for releasing an emergency fix, and we need to rehearse the plan, possibly by picking a relatively minor, not yet exploited, bug and following the emergency process for it. The only effective way to get a fix distributed to most of the end users is to create and upload to SourceForge a new set of binaries. My reasoning is that anyone using AOO can either download and install software, or has someone who can and will do it for them. There is nothing else we can depend on. In particular, we cannot depend on the ability to follow an unfamiliar set of instructions accurately. Note that most Apache projects distribute software that is installed and managed by programmers or system administrators, who are experienced in following non-trivial instructions accurately. AOO can be installed and managed by non-technical end users. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org