[board-discuss] Re: 2013 budget draft - TDF Budget as of 2013-01-14

2013-01-16 Thread Marc Paré

Hi KJ

On 2013-01-16 03:08, klaus-jürgen weghorn ol wrote:


I like the idea of making a contest, but I dislike to limit it on QA.
What about l10n, documentation, marketing, design and others? Let's do
and budget a volunteer contest or even one (or more) prize(s) will be
drawn by all contributors. Maybe we can find sponsors for some more prizes.



FYI, there was a note sent to all of these groups for budgetary 
requests. You can find these notes on all of their lists. Most of them 
submitted no requests. The groups were pinged a total of 3 times. The 
most recent requests may be found on our wiki.[1]


You can find the posts on each of the lists by searching on the term 
funding.


Cheers,

Marc

[1] https://wiki.documentfoundation.org/Marketing/Funding_Priorities



--
Marc Paré
m...@marcpare.com
http://www.parEntreprise.com
parEntreprise.com Supports OpenDocument Formats (ODF)
parEntreprise.com Supports http://www.LibreOffice.org




[board-discuss] Re: 2013 budget draft - TDF Budget as of 2013-01-14

2013-01-16 Thread Marc Paré

On 2013-01-15 08:06, Bjoern Michaelsen wrote:

On Tue, Jan 15, 2013 at 01:48:31PM +0100, Florian Effenberger wrote:

QA netbooks (Björn)

I'm Cc'ing those three. We have been working internally on the
budget first, to have some starting point, and those three requests
came in. These requests have not been decided on yet (on purpose, so
the board has no advantage over the public lists), we want to
discuss this here in public, so Olivier, Björn and Charles should
elaborate on the plans. ;-)


The QA netbooks have already been discussed on QA Call. The idea is to have a
budget for a set of netbooks that we can give publicly as prizes to our most
active QA contributors in QA marathons and triage contests.

The idea is that this will:
- motivate our current volunteers
- grow our triager community
- allow triagers who have been using one platform only to have a dedicated
   system for dual-boot Windows and Linux without any interruption of their
   daily work
- same for versions

As netbooks for testing and triaging are available now for 200-300EUR this is IMHO
something well worth it. There are still some tricky details to work out
and discuss like:
- how to get them to the volunteers without too much extra cost
   (shipping/handing them over at HackFests)
- how to set the rules on 'winning' one of these without making it too complex
   or too easy to game the system

Proposals on how to fix this for the next bug triage contest/QA marathon are
most appreciated of course!

Best,

Bjoern




Thanks Bjoern,

Re: Shipping, A suggestion could be to -- we should be able to buy and 
deliver using our TDF members' help. For example, if awarding to anyone 
in my geographic location (Waterloo-Toronto Canada), I could make either 
a trip out to deliver and award OR make arrangements for purchase and 
deliver locally. The member in this instance could represent the TDF for 
the award.


Great idea for the QA and enticement to join.

Cheers,

Marc





Re: [tdf-discuss] Master Thesis about STAROffice, OpenOffice and LibreOffice

2013-01-16 Thread vdvogt

Hi all,
after I had finished my last course I'm now starting the questioning 
for my Master Thesis.


Some of you had listened to my presentation at LibOConf in Berlin last 
year.
For those who could not take part in the conference I would like to 
repeat my request for assistance and help.


I'm studying Free Software at Universitat Oberta de Catalunya 
(www.uoc.edu).

This semester I will write my Master Thesis.
This will be a case study about the office suites STAROffice, 
OpenOffice (former OpenOffice.org, and now Apache OpenOffice) and 
LibreOffice.


For this research work I need as much information as I can get.

In the next weeks and months I will post questions to this list (others 
too???) and hope for your kind aid, assistance and support by answering 
my questions and delivering information I need for my work.


First of all I would like to begin with a historical review.
As you all know, our roots are STAROffice which Marco Boerries started 
to program in 1986.
I would like to ask all those people who had been part of the STAR 
DIVISION team to send me information about this time, including the 
time after SUN had bought STAR DIVISION.


best regards
Veit-Dieter



On 2012-09-26 19:50, vdvogt wrote:
[tdf-discuss] Master Thesis about STAROffice, OpenOffice and LibreOffice


Hi all,
I'm a former student of the Free Technology Academy
(www.ftacademy.org). There I began my studies of Free Software.
When the FTA stopped their regular course programme end of 2011 I
changed to the Universitat Oberta de Catalunya (www.uoc.edu) to finish
my studies.
This semester I will begin my Master Thesis. This will be a Multi Case
Study about the projects STAROffice, OpenOffice and LibreOffice.
For this work I need all your help and assistance, because without
your information I can't do this work.
To introduce me and my work I will give a short presentation at LOConf
at Berlin on

Friday 2012 October 19 at 12:30h in Room 2.

Please all be present.

See you there...
with kind regards
Veit-Dieter Vogt



--
Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted


RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-16 Thread Dennis E. Hamilton
Simon has just provided a superb account of the Java security problem in an 
InfoWorld blog post today:
http://www.infoworld.com/t/java-programming/why-fixing-the-java-flaw-will-take-so-long-210946.

I find this more-technical analysis to be plausible as well, and Simon's report 
provides context that makes it a bit more understandable:
http://lists.grok.org.uk/pipermail/full-disclosure/2013-January/089375.html.

My initial concern as this game of dominoes unfolded over the past few months 
was that Oracle had somehow managed to lose its grip on the reliable 
development of Java and especially its security and safety.  It is somewhat 
reassuring that the problems are with respect to new capabilities introduced in 
Java 7, offset by evidence that a concerted threat analysis was not done and 
that, even when a flaw was detected, the broader consequences did not appear to 
be recognized (or at least acknowledged).  

That the manner in which security flaws are handled in private can lead to 
rampant speculation about the competence/attitude of the software producer is 
not helping.  There is a tendency to now treat Java as insecure until proven 
otherwise, where proving otherwise is a near-impossible bar to hurdle.  (Look 
at the difficulty that Microsoft has in establishing that its products are 
*not* so insecure as it remains in the popular wisdom.)

For users of openoffice-lineage software, I am not sure what the concern should 
be.  Disabling java browser plugins seems prudent.  It may be inevitable that 
web sites will cease depending on users employing such plugins with the famed 
Java Applet disappearing into history.

That does not have so much to do with desktop software, apart from the fact 
that links to malicious web sites can be activated when those links are in 
documents or have been crafted into versions created by downstream creators of 
variant implementations, the ones that are carriers for malware of various 
kinds.  It seems wise, these days, to only obtain official releases, 
preferably ones that are digitally signed, such as those provided by The 
Document Foundation.

With regard to the use of Java in connection with extensions, including for 
database access, I think the question is more about the security and 
reliability of extensions, whether or not there is dependency on Java.  This is 
about more than Java since extensions run under the privileges of the extension 
user and no sandbox narrows those privileges.  

I have no doubt that more work is required to provide some way to verify the 
authenticity of extensions and also assess the dependability of their 
providers.  The more that openoffice-lineage software becomes the product of 
choice in attack-rewarding activities, the greater will be the urgency to have 
secure operation of the software and components employed with it. 

 - Dennis

-Original Message-
From: Simon Phipps [mailto:si...@webmink.com] 
Sent: Tuesday, January 15, 2013 19:29
To: Dennis Hamilton
Cc: lj; Libreoffice Discussion List
Subject: Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

I'm investigating, but the issue is a sandbox security manager bypass using
unauthorised reflection and that's exploited using Rhino Javascript. So the
context has to be a browser for there to be an issue even if OpenJDK is
affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for
lots of data...

S.


On Tue, Jan 15, 2013 at 6:58 PM, Dennis E. Hamilton dennis.hamil...@acm.org
 wrote:

 Again, thanks to Simon Phipps for retweeting the information.

 It appears that one should *not* assume that OpenJDK does not share
 vulnerabilities with the Oracle Java SE and JDK:

 The log of changes to OpenJDK for the recent vulnerability (just as
 indication of the Oracle updating of OpenJDK):
 http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html
 

 The CVE:
 
 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
 

 There is still reporting that this update is not a complete fix.  I have
 not found a reliable technical source that makes clear what the remaining
 concern is, or if it is simply a lag in reports that have not recognized
 the latest patches.

  - Dennis

 -Original Message-
 From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org]
 Sent: Sunday, January 13, 2013 13:27
 To: 'lj'; 'Libreoffice Discussion List'
 Subject: RE: [tdf-discuss] LibreOffice and Java Security:

 This just out:

 https://blogs.oracle.com/security/entry/security_alert_for_cve_2013

 (Thanks to Simon Phipps for the link.)

 Note that the vulnerabilities only affect Oracle Java 7 versions.

  - Dennis

 -Original Message-
 From: lj [mailto:ljelou...@gmail.com]
 Sent: Saturday, January 12, 2013 19:23
 To: Libreoffice Discussion List
 Subject: [tdf-discuss] LibreOffice and Java Security:

 Hi all,
 I am not sure if this is the correct list for this message.
 I recently read this article about 

[tdf-discuss] Re: LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-16 Thread NoOp
On 01/15/2013 10:58 AM, Dennis E. Hamilton wrote:
 Again, thanks to Simon Phipps for retweeting the information.
 
 It appears that one should *not* assume that OpenJDK does not share 
 vulnerabilities with the Oracle Java SE and JDK:
 
 The log of changes to OpenJDK for the recent vulnerability (just as 
 indication of the Oracle updating of OpenJDK):
 http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html
 
 The CVE:
 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
 
 There is still reporting that this update is not a complete fix.  I have not 
 found a reliable technical source that makes clear what the remaining concern 
 is, or if it is simply a lag in reports that have not recognized the latest 
 patches.
 
  - Dennis

Security releases for OpenJDK and Icedtea were released yesterday (Tues
Jan 17). Of course I reckon that it will take a while for the builds to
get pushed to the distros.

http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/
http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/







[tdf-discuss] Re: LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-16 Thread NoOp
On 01/16/2013 10:36 AM, NoOp wrote:
...
 Security releases for OpenJDK and Icedtea were released yesterday (Tues
 Jan 17). Of course I reckon that it will take a while for the builds to
 get pushed to the distros.
 
 http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/
 http://blog.fuseyism.com/index.php/2013/01/16/security-and-browser-plugins/

Sorry, looks like I have URL stutter... here is the correct second URL:
http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released/






Re: [board-discuss] Re: 2013 budget draft - TDF Budget as of 2013-01-14

2013-01-16 Thread Sophie Gautier
Hi all,
On 16/01/2013 18:09, klaus-jürgen weghorn ol wrote:
 On 16.01.2013 16:01, Marc Paré wrote:
 Hi KJ

 On 2013-01-16 03:08, klaus-jürgen weghorn ol wrote:

 I like the idea of making a contest, but I dislike to limit it on QA.
 What about l10n, documentation, marketing, design and others? Let's do
 and budget a volunteer contest or even one (or more) prize(s) will be
 drawn by all contributors. Maybe we can find sponsors for some more
 prizes.


 FYI, there was a note sent to all of these groups for budgetary
 requests. You can find these notes on all of their lists. Most of them
 submitted no requests. The groups were pinged a total of 3 times. The
 most recent requests may be found on our wiki.[1]

 You can find the posts on each of the lists by searching on the term
 funding.
 
 I know the requests. It is ok for me when Björn as QA requests the
 budget for QA.
 My opinion isn't about the QA budget but about the contest and about
 community.
 I think it isn't a good signal to do a contest with prizes for a part of
 the community only. If we do a contest for QA we should also do a
 contest for other parts of community, either in one or in different
 contests.
 
 Our big point is the community and as I remember one of our first items
 for marketing for the next time. This should lead us not to prioritize a
 part of community.
 
 [1] https://wiki.documentfoundation.org/Marketing/Funding_Priorities
 
 And there you find no hint about a contest for QA. And so my only
 intention was to complete Björn's idea for the whole community.

I agree with you. The issue is that several projects are not structured
like the QA one, or for the NL projects, are disseminated over several
tasks that are not specific to one subproject and so they don't see how
to answer/handle such a request for funds.
Your idea, or Björn's, is very good, but needs some organization before
being submitted to the rest of the community. Mostly it's a matter of
close communication with the projects.

Kind regards
Sophie

-- 
Sophie Gautier sophie.gaut...@documentfoundation.org
Tel:+33683901545
Membership & Certification Committee Member - Co-founder
The Document Foundation



Re: [tdf-discuss] Budget TDF 20013

2013-01-16 Thread Jean-Baptiste Faure
Hi Sophie,

I guess you sent this message to the wrong discuss ML. :-)

Best regards.
JBF

On 16/01/2013 13:35, Sophie Gautier wrote:
 Hello,
 
 For your information, Florian has worked on the foundation's 2013
 budget. Since the launch of the fundraising campaign, we have received
 about 60,000 euros in donations. Thanks to everyone who is contributing
 and has contributed :)
 The provisional budget (still being drafted) is available here:
 https://wiki.documentfoundation.org/File:Tdfbudget2013.pdf
 
 Florian's original mail (which I have not translated) is here:
 http://listarchives.documentfoundation.org/www/board-discuss/msg02957.html
 
 Don't hesitate if you have any questions.
 
 See you soon
 Sophie
 


-- 
Only open formats can ensure the longevity of your documents.
