On 08/02/2016 10:04 AM, Marcus wrote:
> On 08/02/2016 05:28 PM, Kay Schenk wrote:
>>
>> On 08/01/2016 07:38 PM, Dennis E. Hamilton wrote:
>>>
>>>> -----Original Message-----
>>>> From: Kay Schenk [mailto:kay.sch...@gmail.com]
>>>> Sent: Monday, August 1, 2016 15:43
>>>> To: dev@openoffice.apache.org
>>>> Subject: Re: Officially releasing a patch for CVE-2016-1513
>>>>
>>>> On 07/31/2016 05:17 PM, Dennis E. Hamilton wrote:
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Kay sch...@apache.org [mailto:ksch...@apache.org]
>>>>>> Sent: Sunday, July 31, 2016 14:42
>>>>>> To: dev@openoffice.apache.org
>>>>>> Subject: Re: Officially releasing a patch for CVE-2016-1513
>>>>>>
>>>>>> OK, I think I'm done with the Linux64 bit area as well.
>>>>>>
>>>>>> And see below ....
>>>>>>
>>>>>> On 07/31/2016 01:10 PM, Marcus wrote:
>>>>> [ ... ]
>>>>>>> I'm preparing the hotfix webpage. For this I've some questions:
>>>>>>>
>>>>>>> 1. Do we want to provide zip files for every platform or just single
>>>>>>> files for the library and other files?
>>>>>>
>>>>>> Hmmmm... I assumed we would just be pointing people directly at
>>>>>> /dist/release/openoffice/patches.
>>>>>> (Right now, these are in /dist/dev/openoffice/patches.)
>>>>>>
>>>>>> It would be easiest to just set up the hotfix page with three links
>>>>>> per distro.
>>>>>>
>>>>>> Linux32
>>>>>> * link to Linux32.README
>>>>>> * link to linux32 libtl.so
>>>>>> * link to linux32 libtl.so.asc (sig)
>>>>>>
>>>>>> etc.
>>>>>>
>>>>>> If not, the READMEs I wrote will need to change.
>>>>> [orcmid]
>>>>>
>>>>> I recommend there should be single-file (e.g., Zip) distributions,
>>>>> just like all other binaries. That gives just one thing to download.
>>>>> The MD5, SHA512, and ASC signatures should be on the whole package and
>>>>> stay in the dev/ and release/ folders, just as they are on download
>>>>> pages. (The ASC signatures on the individual library-file binaries
>>>>> should be inside the package.) I suspect, on the dev/ side, we might
>>>>> need copies of the READMEs alongside the archives, and revised more
>>>>> regularly,
>>>>
>>>> I was OK up to this statement. Are you saying INCLUDE the readmes in
>>>> the zip package but leave them outside of where they now are? If we
>>>> want signed zip files, can't we just leave the files we have now in:
>>>>
>>>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/binaries/
>>>>
>>>> but zip them up as well, including the READMEs?
>>>> Or, are you saying at distribution time, remove the libraries and their
>>>> sigs but leave the README files?
>>>> We have these in their own labeled area -- 4.1.2-patch1 -- so I don't
>>>> see a problem with just leaving everything there.
>>>>
>>> [orcmid]
>>>
>>> I'll do what I mean by example when I upload the Windows case by
>>> tomorrow morning, at the latest.
>>>
>>> Then it will be easier to talk about it.
>>>
>>> - Dennis
>>>
>>
>> OK, great...it looks like we are still lacking a MacOSX README. Any
>> volunteers?
>> Even if you can't or don't want to commit to:
>> https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/binaries/
>>
>> Please send to this list as a ".txt" attachment and we should be able to
>> receive it.
>>
>> Thanks in advance for your help.
>
> OK, I'll give you (the Mac experts) a starting point:
>
> 1. Make sure that OpenOffice is not running.
> 2. Open a terminal and unpack the downloaded file (e.g., with Archive
> Utility or WinZip Mac Edition) to an easily locatable path.
> 3. Open the Finder App - or another file manager of your choice.
> 4. Locate the installation path of OpenOffice (e.g.,
> "/Applications/Utilities/OpenOffice4/program/").
> 5. Rename the old file "libtl.dylib" to "libtl.dylib.original" to keep a
> backup.
> 6. Copy the new file from the unpacked Zip file to the installation path
> (e.g., "/Desktop/libtl.dylib" -->
> "/Applications/Utilities/OpenOffice4/program/").
>
> Yes, it's not complete and maybe a bit incorrect. But better this than
> nothing. :-P
>
> Marcus

Thank you, Marcus! Much appreciated. I can see I need to change the
numbering scheme I used to be consistent with our others.

>
>>>>> so they can be reviewed and revised easily as we get QA and trial use.
>>>>> When we move over to release/ we might want to do the same, even though
>>>>> the README is in the archive, so that people can read it without
>>>>> downloading the package.
>>>>>
>>>>> Finally, please use README.txt, etc., so that line-ending adjustments
>>>>> will happen properly when folks move these in and out of SVN and also
>>>>> out of archive files. This will also help browsers when folks retrieve
>>>>> these directly from the repository.
>>>>>
>>>>> PS: If we are concerned about the README.txt outside of the archive
>>>>> being authenticated, it can have an embedded PGP signature. (Then the
>>>>> final archive-internal one would be a copy of the signed README.txt --
>>>>> no biggie, nice chain of custody).
>>>>>
>>>>> [ ... ]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>

-- 
--------------------------------------------
MzK

"Time spent with cats is never wasted."
                                -- Sigmund Freud
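
The Mac steps sketched in the thread, combined with the SHA512 digest check discussed for the released files, as an added shell example that is not part of the original messages or of any project README. It assumes the download is already unpacked, that the caller passes the install directory, and that the running process is named `soffice`.

```shell
#!/bin/sh
# Added example: verify a downloaded hotfix file, then swap in the patched
# library while keeping a backup. Paths and the process name are assumptions.

# Print the SHA-512 hex digest of a file (sha512sum on Linux, shasum on macOS).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# verify_sha512 FILE EXPECTED_HEX -> 0 only if the digest matches exactly.
verify_sha512() {
    actual=$(sha512_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# install_patched_lib NEW_LIB INSTALL_DIR
# Return codes: 0 installed, 2 OpenOffice running, 3 target missing,
# 4 backup already exists (never overwrite the original), 5 copy mismatch.
install_patched_lib() {
    new_lib=$1
    target="$2/$(basename "$1")"
    backup="$target.original"

    # Step 1 of the README: OpenOffice must not be running.
    # "soffice" as the process name is an assumption.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x soffice >/dev/null 2>&1; then
        return 2
    fi
    [ -f "$target" ] || return 3
    [ -e "$backup" ] && return 4

    mv "$target" "$backup" || return 1
    if ! cp "$new_lib" "$target"; then
        mv "$backup" "$target"      # roll back on failure
        return 1
    fi
    # Confirm the installed copy is byte-identical to the verified download.
    [ "$(sha512_of "$target")" = "$(sha512_of "$new_lib")" ] || return 5
    return 0
}
```

Run `verify_sha512` against the published digest before calling `install_patched_lib`; a second run returns 4 rather than overwriting the `.original` backup with the already-patched file.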