On 08/13/2016 07:00 AM, Marcus wrote: > Here are my tests: > > Linux 32-bit: > > - ZIP file is OK and can be uncompressed > - MD5, SHA1 are OK [1] > - ZIP ASC is OK (signature from Kay Schenk) > - Library ASC is OK (signature from Ariel Constenla-Haile) > > Linux 64-bit: > > - ZIP file is OK and can be uncompressed > - MD5, SHA1 are OK [1] > - ZIP ASC is OK (signature from Kay Schenk) > - Library ASC is OK (signature from Ariel Constenla-Haile) > > Mac OSX: > > - ZIP file is OK and can be uncompressed > - MD5, SHA1 are OK [1] > - ZIP ASC is OK (signature from Kay Schenk) > - Library ASC is OK (signature from Ariel Constenla-Haile) > > However, after rewriting the files (of course without to modify the hash > values itself) the comparsion was OK. > > @Kay: > I've uploaded the sha256 hash files as suggested.
YAY! Good job! Do you mind when I > overwrite the other hash files with the ones I've created? Then all have > the same format. No, go right ahead. With the openssl with digest options, this is how they got formatted. > > Furthermore, I've read the Readme's for Linux [2] and Mac. As I didn't > wanted to simply overwrite your work, I've attached the modified > versions. So, you can review them first or I can overwrite them if you > don't mind. I assumed this part -- "Download the hotfix ZIP file to a location on your PC where it can be used and its content extracted. Example: User Jane downloaded and extracted the hotfix ZIP file from her browser window and saved it in a folder called "Downloads". The full path is: /home/jane/Downloads" would be on the hotfix page itself so not needed as part of the actual instructions. The rest of the changes look fine. > > [1] The files are not well formatted for the "md5sum" and "sha1sum" > commands. They need the following format: > > <hash value><space><space><file name> > > [2] The Readmes for Linux 32-bit and 64-bit are the same. I've just > attached the one for 32-bit. > > Marcus > > > > Am 08/12/2016 06:21 PM, schrieb Kay Schenk: >> On Thu, Aug 11, 2016 at 3:27 PM, Marcus<marcus.m...@wtnet.de> wrote: >> >>> Am 08/11/2016 09:50 PM, schrieb Kay sch...@apache.org: >>> >>>> >>>> On 08/09/2016 02:12 PM, Kay Schenk wrote: >>>> >>>>> [top posting] >>>>> I'm in the process of trying to "sync" instructions for Linux32, >>>>> Linux64, and MacOSX at the moment. As far as instructions on the >>>>> actual >>>>> HOTFIX page, we need to have just a "general" instruction for ALL zips >>>>> that simply says -- "Unzip this package to some folder of your >>>>> choosing >>>>> and read the README that's included." Everything else should be in the >>>>> various READMEs for each platform. >>>>> >>>>> I should be done with all edits by this evening for a final review >>>>> before zipping and signing. >>>>> >>>> >>>> Ok, I've now moved on to creating zip files, etc for Linux32, Linux64 >>>> and Mac. >>>> >>>> My openssl version on does NOT supply digest sha256. Is it OK to use >>>> sha1? MD5 already computed for each of these. >>>> >>> >>> I like to have it consistent for all platforms. Therefore I'll check the >>> ZIPs and deliver the sha256 hash files. >>> >>> Marcus >> >> >> Thanks a bunch Marcus! >> >> >> >>> >>> >>> >>> >>> On 08/05/2016 09:28 AM, Dennis E. Hamilton wrote: >>>>> >>>>>> Branching off the part that is not about the Windows 4.1.2-patch1 >>>>>> [TESTING]. >>>>>> >>>>>> -----Original Message----- >>>>>>> From: Marcus [mailto:marcus.m...@wtnet.de] >>>>>>> Sent: Thursday, August 4, 2016 15:52 >>>>>>> To: dev@openoffice.apache.org >>>>>>> Subject: Re: [TESTING] Applying openoffice-4.1.2-patch1 for Windows >>>>>>> >>>>>>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk: >>>>>>> >>>>>> [ ... ] >>>>>> >>>>>>> >>>>>>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet. >>>>>>>> >>>>>>>> Should we get started on these? >>>>>>>> >>>>>>> >>>>>>> it depends what we want that they should contain. The ZIP file for >>>>>>> Windows contains a LICENSE and NOTICE file as well as an ASC file >>>>>>> for >>>>>>> the DLL. As it is only a patch IMHO we don't need to provide another >>>>>>> LICENSE and NOTICE file which is already available in the OpenOffice >>>>>>> installation. Also the ASC is not necessary as we provide it already >>>>>>> (together with MD5 and SHA256) for the whole ZIP file. >>>>>>> >>>>>> [orcmid] >>>>>> >>>>>> I think there is a misunderstanding. Two matters: >>>>>> >>>>>> 1. The use of LICENSE is required by the ALv2 itself, and the ASF >>>>>> practice is to include NOTICE as well on binary distributions. >>>>>> The patch >>>>>> qualifies, especially when it is moved to general distribution. >>>>>> It is also >>>>>> easy and harmless to provide. >>>>>> >>>>>> 2. The reason for preserving the .asc on the shared-library >>>>>> binary is >>>>>> because it authenticates with respect to who produced it and >>>>>> establishes >>>>>> that it has not been modified as supplied in the package (or as >>>>>> the result >>>>>> of some glitch in creation of the Zip). It provides a level of >>>>>> accountability and, also, auditability. >>>>>> >>>>>> Even though few people will check all of these, they remain >>>>>> possible to >>>>>> be checked. Since this is a matter of security vulnerabilities and >>>>>> involves elevation of privilege to perform, I believe it is >>>>>> important to >>>>>> demonstrate diligence and care, so that users have confidence in this >>>>>> procedure to the extent they are comfortable. Also, if it becomes >>>>>> necessary to troubleshoot a problem with these patch applications, >>>>>> we have >>>>>> the means to authenticate what they are using to ensure there are no >>>>>> counterfeits being offered to users. >>>>>> >>>>>>> >>>>>>> That means that only the README and library file remains. >>>>>>> >>>>>>> When the README for Windows keep its length then I don't want to >>>>>>> copy >>>>>>> this on the dowload webpage. ;-) >>>>>>> >>>>>>> So, when we put the README for all platforms in their ZIP files >>>>>>> then we >>>>>>> can just put a pointer to it on the download webpage and thats it. >>>>>>> >>>>>> [orcmid] >>>>>> >>>>>> Yes, that seems like a fine idea. The README can be linked the same >>>>>> way the .md5, .sha256, and .asc are linked. >>>>>> >>>>>> Also, the README may become simpler if we can link to some of the >>>>>> information and not have so much detail in the README text >>>>>> itself. It >>>>>> might even be useful to have an .html README for that matter. But >>>>>> that is >>>>>> all extra. Right now I think we want to get into the testing and >>>>>> see how >>>>>> to smooth what we have. >>>>>> >>>>>> PS: A friend of mine is looking into the MacOSX situation. He points >>>>>> out that one can use the Finder to do the job without users having >>>>>> to use >>>>>> Terminal sessions. I don't have further information at this time. >>>>>> >>>>>> PPS: The inclusion of scripts that do the job is also worthy of >>>>>> consideration, perhaps making it unnecessary to build >>>>>> executables. I will >>>>>> be looking at finding a .bat file that works safely for the >>>>>> Windows case. >>>>>> That can make the instructions much shorter :). >>>>>> >>>>>> >>>>>>> To cut a long story short: >>>>>>> I would say yes for a ZIP file for every platform. >>>>>>> >>>>>> [ ... ] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > -- -------------------------------------------- MzK "Time spent with cats is never wasted." -- Sigmund Freud --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
