Re: Officially releasing a patch for CVE-2016-1513

2016-07-25 Thread Kay sch...@apache.org
+1 this looks like a good plan On 07/24/2016 02:37 PM, Andrea Pescetti wrote: > While the severity of the security bug we disclosed > http://www.openoffice.org/security/cves/CVE-2016-1513.html is not > particularly high (it is classified as "Medium" with no known exploits > and anti-virus

Re: Officially releasing a patch for CVE-2016-1513

2016-07-25 Thread Marcus
Am 07/25/2016 12:45 AM, schrieb Dennis E. Hamilton: The patched DLL is shipped with an external digital signature. I guess we could ask that to be installed alongside it. That would be a good tell-tale. The web site where the patch is downloadable from will have hashes for the archive

Re: Officially releasing a patch for CVE-2016-1513

2016-07-25 Thread Marcus
Thanks for the list. Apart from the differences thing it looks good to me. Marcus Am 07/24/2016 11:37 PM, schrieb Andrea Pescetti: While the severity of the security bug we disclosed http://www.openoffice.org/security/cves/CVE-2016-1513.html is not particularly high (it is classified as

Re: Editing Download page

2016-07-25 Thread Marcus
It seems I had a problem with receiving mails from MLs. E.g., I've seen Andrea's mail only in the archives. I'll work them in. Anybody else? If not, then I would publish in a few hours what we have now. Marcus Am 07/24/2016 11:23 PM, schrieb Marcus: Am 07/24/2016 06:25 PM, schrieb Dennis

Re: Editing Download page

2016-07-25 Thread Patricia Shanahan
On 7/24/2016 1:59 PM, JZA wrote: I would also suggest to revisit the intro programs for development which were put on hold indefinetly and at the momento there is really no good way to 'learn' the AOO sourcecode. Even if we were hiring full time programmers, AOO is too big for learning the

Re: Editing Download page

2016-07-25 Thread Kay Schenk
On Sun, Jul 24, 2016 at 1:59 PM, JZA wrote: > I would also suggest to revisit the intro programs for development which > were put on hold indefinetly and at the momento there is really no good way > to 'learn' the AOO sourcecode. > "Intro" programs? What are these?​ ​I

The Windows buildbot saga

2016-07-25 Thread Damjan Jovanovic
Hi In build 380, with bootstrapping succeeding and VCVARS32.BAT deleted, aoo-win7 got far with the build, but apparently hung on "sc deliver" until it was killed after 2 seconds with no output. A subsequent build failed to delete apr/Makefile.win which Infra found DEVENV had locked again.

Re: ./bootstrap: LWP::Protocol::https replaced by java.net.URLConnection

2016-07-25 Thread Damjan Jovanovic
On Sun, Jul 24, 2016 at 7:43 PM, Patricia Shanahan wrote: > On 7/24/2016 10:24 AM, Damjan Jovanovic wrote: > ... > >> So how do we download files now? >> >> Java. Java supports https:// out of the box, is very portable between >> operating systems and CPUs, uses its own root CA