On 08/09/2016 02:12 PM, Kay Schenk wrote: > [top posting] > I'm in the process of trying to "sync" instructions for Linux32, > Linux64, and MacOSX at the moment. As far as instructions on the actual > HOTFIX page, we need to have just a "general" instruction for ALL zips > that simply says -- "Unzip this package to some folder of your choosing > and read the README that's included." Everything else should be in the > various READMEs for each platform. > > I should be done with all edits by this evening for a final review > before zipping and signing.
Ok, I've now moved on to creating zip files, etc for Linux32, Linux64 and Mac. My openssl version on does NOT supply digest sha256. Is it OK to use sha1? MD5 already computed for each of these. > > On 08/05/2016 09:28 AM, Dennis E. Hamilton wrote: >> Branching off the part that is not about the Windows 4.1.2-patch1 [TESTING]. >> >>> -----Original Message----- >>> From: Marcus [mailto:marcus.m...@wtnet.de] >>> Sent: Thursday, August 4, 2016 15:52 >>> To: dev@openoffice.apache.org >>> Subject: Re: [TESTING] Applying openoffice-4.1.2-patch1 for Windows >>> >>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk: >> [ ... ] >>>> >>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet. >>>> >>>> Should we get started on these? >>> >>> it depends what we want that they should contain. The ZIP file for >>> Windows contains a LICENSE and NOTICE file as well as an ASC file for >>> the DLL. As it is only a patch IMHO we don't need to provide another >>> LICENSE and NOTICE file which is already available in the OpenOffice >>> installation. Also the ASC is not necessary as we provide it already >>> (together with MD5 and SHA256) for the whole ZIP file. >> [orcmid] >> >> I think there is a misunderstanding. Two matters: >> >> 1. The use of LICENSE is required by the ALv2 itself, and the ASF practice >> is to include NOTICE as well on binary distributions. The patch qualifies, >> especially when it is moved to general distribution. It is also easy and >> harmless to provide. >> >> 2. The reason for preserving the .asc on the shared-library binary is >> because it authenticates with respect to who produced it and establishes >> that it has not been modified as supplied in the package (or as the result >> of some glitch in creation of the Zip). It provides a level of >> accountability and, also, auditability. >> >> Even though few people will check all of these, they remain possible to be >> checked. Since this is a matter of security vulnerabilities and involves >> elevation of privilege to perform, I believe it is important to demonstrate >> diligence and care, so that users have confidence in this procedure to the >> extent they are comfortable. Also, if it becomes necessary to troubleshoot >> a problem with these patch applications, we have the means to authenticate >> what they are using to ensure there are no counterfeits being offered to >> users. >>> >>> That means that only the README and library file remains. >>> >>> When the README for Windows keep its length then I don't want to copy >>> this on the dowload webpage. ;-) >>> >>> So, when we put the README for all platforms in their ZIP files then we >>> can just put a pointer to it on the download webpage and thats it. >> [orcmid] >> >> Yes, that seems like a fine idea. The README can be linked the same way the >> .md5, .sha256, and .asc are linked. >> >> Also, the README may become simpler if we can link to some of the >> information and not have so much detail in the README text itself. It might >> even be useful to have an .html README for that matter. But that is all >> extra. Right now I think we want to get into the testing and see how to >> smooth what we have. >> >> PS: A friend of mine is looking into the MacOSX situation. He points out >> that one can use the Finder to do the job without users having to use >> Terminal sessions. I don't have further information at this time. >> >> PPS: The inclusion of scripts that do the job is also worthy of >> consideration, perhaps making it unnecessary to build executables. I will >> be looking at finding a .bat file that works safely for the Windows case. >> That can make the instructions much shorter :). >> >>> >>> To cut a long story short: >>> I would say yes for a ZIP file for every platform. >> [ ... ] >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org >> For additional commands, e-mail: dev-h...@openoffice.apache.org >> > -- Kay Schenk Apache OpenOffice ---------------------------------------- "Things work out best for those who make the best of the way things work out." -- John Wooden --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
