Hi,

On 21.02.21 at 09:43, Andrew Udvare wrote:
>> On 2021-02-20, at 16:48, Jean-Baptiste Faure <jbfa...@libreoffice.org> wrote:
>>
>> Hi,
>>
>> I certainly did not understand everything in 
>> https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610, but I 
>> wonder if LibreOffice could be subject to this kind of vulnerability?
> As far as I can tell, the dependencies that LibreOffice uses in distributions 
> are gathered manually and updated manually. So, not really.

It's not that easy. The question indeed doesn't make sense for
LibreOffice itself.


Still, anything which uses those "get your dependencies randomly from
some random place in random versions and save them into your tree"
thingies like npm, pip etc. is a problem.

And LibreOffice Online *does* use npm.


So while LibreOffice itself shouldn't be affected, conceptually, by using
npm, LibreOffice Online is.


Regards,


Rene

_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice
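
An added example, not part of the original thread and not LibreOffice code: one way to check an npm-based tree for the dependency confusion exposure discussed above is to audit `package-lock.json` (lockfileVersion 2/3) for internal package names that were resolved from a registry other than the private one. The registry hosts, the `@acme/` scope, the package names and the sample lockfile are all constructed assumptions.

```javascript
const POLICY = { // constructed assumptions for this example
  publicHost: 'registry.npmjs.org',
  internalHost: 'npm.internal.example',          // hypothetical private registry
  internalNames: ['@acme/', 'acme-build-utils'], // scope prefix or exact name
};
// "node_modules/a/node_modules/@acme/ui" -> "@acme/ui"
function nameFromKey(key) {
  const i = key.lastIndexOf('node_modules/');
  return i < 0 ? key : key.slice(i + 'node_modules/'.length);
}

const isInternal = (name, policy) => policy.internalNames.some(
  (n) => (n.endsWith('/') ? name.startsWith(n) : name === n));

// Returns [{ name, version, issue }] for a lockfileVersion 2/3 object.
function auditLockfile(lock, policy = POLICY) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and bundled deps (no tarball URL).
    if (key === '' || entry.link || entry.inBundle || !entry.resolved) continue;
    const name = entry.name || nameFromKey(key);
    const add = (issue) => findings.push({ name, version: entry.version, issue });
    let host = '';
    try { host = new URL(entry.resolved).host; } catch { /* host stays empty */ }
    if (isInternal(name, policy)) {
      // Dependency-confusion signal: a private name served by another registry.
      if (host !== policy.internalHost) add('internal-name-from-foreign-registry');
    } else if (host !== policy.publicHost && host !== policy.internalHost) {
      add('unexpected-registry');
    }
    if (!entry.integrity) add('missing-integrity');
  }
  return findings;
}

// Constructed sample lockfile (not from any real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/some-public-lib': { version: '1.3.0', integrity: 'sha512-CONSTRUCTED',
    resolved: 'https://registry.npmjs.org/some-public-lib/-/some-public-lib-1.3.0.tgz' },
  'node_modules/@acme/ui': { version: '2.1.0', integrity: 'sha512-CONSTRUCTED',
    resolved: 'https://npm.internal.example/@acme/ui/-/ui-2.1.0.tgz' },
  'node_modules/acme-build-utils': { version: '99.0.0', integrity: 'sha512-CONSTRUCTED',
    resolved: 'https://registry.npmjs.org/acme-build-utils/-/acme-build-utils-99.0.0.tgz' },
  'node_modules/some-public-lib/node_modules/tiny': { version: '0.1.0',
    resolved: 'https://cdn.example.net/tiny-0.1.0.tgz' },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

To audit a real tree, pass the parsed contents of the project's `package-lock.json` and a policy object with your own registry host and internal names.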