On Fri, Mar 23, 2012 at 5:11 PM, Girvin R. Herr <[email protected]> wrote: > Dave, > Thanks for the quick, encouraging response. > I thought this security patch was part of an Apache effort and sanction. I > was not aware that it was produced by a 3rd party without Apache support.
That's a logical leap without basis. It is possible for a small group at Apache to have produced the patch and for there to be no policy against Linux. In fact both statements are true. Remember, we're not a commercial software vendor. Apache is a non-profit, run by volunteers. If volunteers wish to make a Linux patch, then they will. And it appears they will. We've certainly been building and testing OpenOffice 3.4 for Linux. If there are volunteers for Solaris, BSD, OS/2 or whatever, those patches will also appear. The Apache license allows anyone to take this code and build it on whatever platform they want. > My apologies to all. I will still keep an eye on it, but I am relieved that > the Linux omission was not a result of Apache policy. Again, policy has nothing to do with this. > Thanks. > Girvin > > > > Dave Fisher wrote: >> >> Work is proceeding on the Linux patch. Please subscribe to OOo-dev mailing >> list if you would like to help. >> >> There is no Apache policy at play here at all. A very small group prepared >> this security patch as one would expect. >> >> Many of the members of the Apache OpenOffice Podling Project Management >> Committee agree that Linux versions should have been included. >> >> Regards, >> Dave >> >> Sent from my iPhone >> >> On Mar 23, 2012, at 3:20 PM, "Girvin R. Herr" <[email protected]> >> wrote: >> >> >>> >>> Dan Lewis wrote: >>> >>>> >>>> On Thu, 2012-03-22 at 15:17 -0700, Terry wrote: >>>> >>>>> >>>>> This quote from the page mentioned by Rob: >>>>> >>>>> <quote>Linux and other platforms should consult their distro or OS >>>>> vendor for patch instructions.</quote> >>>>> >>>>> My distro doesn't support OpenOffice; most, I gather, don't. >>>>> >>>>> >>>>> >>>>> ----- Original Message ----- >>>>> >>>>>> >>>>>> From: NoOp <[email protected]> >>>>>> To: [email protected] >>>>>> Cc: Sent: Friday, 23 March 2012 5:13 AM >>>>>> Subject: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability >>>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> Hash: SHA1 >>>>>> >>>>>> On 03/22/2012 06:16 AM, Rob Weir wrote: >>>>>> >>>>>>> >>>>>>> Please note, this is the official security bulletin, targeted for >>>>>>> security professionals. If you are an OpenOffice.org 3.3 user, and >>>>>>> are able to apply the mentioned patch, then you are encouraged to >>>>>>> do so. If someone else supports or manages your desktop, then >>>>>>> please forward this information to them. >>>>>>> >>>>>> >>>>>> ... >>>>>> >>>>>> Where are the linux patches? I could only find Window and Mac: >>>>>> >>>>>> >>>>>> <http://www.eng.lsu.edu/mirrors/apache//incubator/ooo/3.3/patches/cve-2012-0037/> >>>>>> >>>>>> >>>>>> >>>> >>>> There is still a group of people using linux who have been ignored: >>>> the people who have downloaded their copy of OOo from the OOo website. I >>>> fall into this category. >>>> Seems to me that if you are going to issue patches for Windows and >>>> OSX for which you provide downloads from your website, you should >>>> provide a patch for the rest of the versions available as binaries for >>>> downloading from it. >>>> As far as compiling the patch, how many of the group I mentioned >>>> know how to compile the patches for their version? I don't, and likely >>>> many others don't either. In fact, I have never been able to compile any >>>> program following directions. I always have gotten one or more errors >>>> and not known what had caused the mistake nor how to fix it. That is why >>>> I download and install binaries. >>>> Fortunately for me, I have already downloaded from the BuildBot on >>>> 3/10/12 so I've gotten the patch applied. >>>> >>>> --Dan >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [email protected] >>>> For additional commands, e-mail: [email protected] >>>> >>>> >>>> >>> >>> Dan, >>> First, I must divulge that I am a retired software/hardware engineer, so >>> I do have experience in compiling programs under Linux. Some time ago, I >>> did compile OO.o 2.x for my Slackware Linux workstation, which does not come >>> with OO.o support. Although I didn't have any errors. it took about 3 hours >>> to do so on my 1.2GHz 1GB Athlon system, so I have since been repackaging >>> the downloaded OO.o binary packages into Slackware packages for >>> installation. So, I too am in the class of Linux users who download the >>> binary OO.o and are left out in the cold with this new scary Apache policy. >>> It deeply concerns me that there is any "discussion" at all regarding Linux >>> support. Although it may not be intended, it appears to me that Apache is >>> cutting off the *nix limb of the OO.o tree. That does not bode well for us >>> Linux users who have grown dependent on OO.o for maintaining our documents >>> and, more importantly and more critical to me, our database forms and >>> reports. It makes me want to look for another Open Document office suite. >>> Instead of being loyal to OO.o (aka AOO now) maybe I should take another >>> look at LO... >>> >>> I will at least be watching this issue closely and how Apache reacts. >>> >>> Girvin Herr >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
