<orcnote> below.

-----Original Message-----
From: Knut H Flottorp [mailto:khflott...@gmail.com] 
Sent: Saturday, October 11, 2014 15:42
To: dev@openoffice.apache.org
Subject: Updates

Just a brief note:

Please, can we leave it now to Microsoft to distribute “Security Updates” - 
unless the fix is related to just security.

There are and always will be “bugs” out there, and these must be fixed. But 
most bugs are not related to security, nothing is compromised if you do not 
apply the fix, nothing is risked, except that your software may become more 
stable and robust.

If Open Office provides security such as encryption of documents, password 
locks, digital certificates - and the use of these is threatened and has been 
fixed, then it is a “Security fix”, but most bugs are not related to security 
here and the term should not be abused.


<orcmid>
   This is rather vague.  Are you referring to the fact that AOO 4.1.1 includes 2 security fixes?

   There are also security fixes when there is a *vulnerability* that has been exposed in AOO.  These repairs generally come out as part of a regular update and that is what those two are about.

   That is a different class of bug.  In general, specific details of the vulnerability that is removed are provided in separate notices separate from the usual release notes.

   It does appear that the security bulletins have not been updated for 4.1.1 as promised though: <https://www.openoffice.org/security/bulletin.html>.  This may be intentional if there is need to ensure that other software having the same vulnerability needs time to update before the vulnerability is disclosed.

   Fixes to privacy and security related features need not be security fixes in that sense.  For example, addition of XAdES support to the handling of digitally-signed documents would simply be release of a feature.  (It is unfortunate that passwords on protection locks are still identified as security features.  They are not.  See <https://tools.oasis-open.org/version-control/svn/oic/Advisories/00009-ProtectionKeySafety/trunk/description.html>.)
</orcmid>


