CVE-2022-37401: Apache OpenOffice Weak Master Keys

2022-08-12 Thread Carl B. Marcum
Severity: important Description: Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded resu

RE: svn commit: r14616 - /release/openoffice/KEYS

2016-08-02 Thread Dennis E. Hamilton
> -Original Message- > From: Kay Schenk [mailto:kay.sch...@gmail.com] > Sent: Tuesday, August 2, 2016 14:11 > To: dev@openoffice.apache.org > Subject: Re: svn commit: r14616 - /release/openoffice/KEYS > > I actually did that before I did this commit. Is there some

Re: svn commit: r14616 - /release/openoffice/KEYS

2016-08-02 Thread Kay Schenk
it tied to your > account record and thereafter appearing on the general list of committer PGP > keys will be important. Then your key can be found on > <http://people.apache.org/keys/committer/> as well as automatically-populated > KEYS files. > > - Dennis >

RE: svn commit: r14616 - /release/openoffice/KEYS

2016-08-02 Thread Dennis E. Hamilton
Kay, Please add your Key Fingerprint to your account record on id.apache.org. Although this commit is tied to your Apache ID, having it tied to your account record and thereafter appearing on the general list of committer PGP keys will be important. Then your key can be found on <h

Re: KEYS

2013-08-30 Thread sebb
ache_OpenOffice_4.0.0_Linux_x86-64_install-rpm_en-US.tar.gz.asc >>> > against my download. I downloaded the KEYS using: wget >>> > http://www.apache.org/dist/openoffice/KEYS Then I imported the keys. >>> > >>> > But when I ran gpg --verify it said:

Re: KEYS

2013-08-30 Thread Rob Weir
> against my download. I downloaded the KEYS using: wget >> > http://www.apache.org/dist/openoffice/KEYS Then I imported the keys. >> > >> > But when I ran gpg --verify it said: >> > >> > $ gpg --verify >> > Apache_OpenOffice_4.0.0_Li

4.0.0_release_blocker granted: [Bug 122529] [sidebar] Math OLE cannot be moved with arrow keys

2013-07-02 Thread bugzilla
j...@apache.org has granted Regina Henschel's request for 4.0.0_release_blocker: Bug 122529: [sidebar] Math OLE cannot be moved with arrow keys https://issues.apache.org/ooo/show_bug.cgi?id=122529 --- Additional Comments from j...@apache.org grant showstopper flag, it's fix

Re: Proposal: Improve security by limiting committer access in SVN -- KEYS Compromise Exposure

2013-04-30 Thread Kay Schenk
On Tue, Apr 30, 2013 at 5:59 AM, Daniel Shahaf wrote: > (note CC list) > > Dennis E. Hamilton wrote on Mon, Apr 29, 2013 at 18:56:01 -0700: > > @Daniel, > > > > Right, this is about poisoning the committer keys but not touching the > > SVN, instead, counterfe

Re: Proposal: Improve security by limiting committer access in SVN -- KEYS Compromise Exposure

2013-04-30 Thread 'Daniel Shahaf'
(note CC list) Dennis E. Hamilton wrote on Mon, Apr 29, 2013 at 18:56:01 -0700: > @Daniel, > > Right, this is about poisoning the committer keys but not touching the > SVN, instead, counterfeiting a binary release downstream, but faking > the asc, md5, and sha1 too. (These would

Re: Proposal: Improve security by limiting committer access in SVN -- KEYS Compromise Exposure

2013-04-29 Thread Dave Fisher
On Apr 29, 2013, at 6:56 PM, Dennis E. Hamilton wrote: > @Daniel, > > Right, this is about poisoning the committer keys but not touching the SVN, > instead, counterfeiting a binary release downstream, but faking the asc, md5, > and sha1 too. (These would not be at dist, and

RE: Proposal: Improve security by limiting committer access in SVN -- KEYS Compromise Exposure

2013-04-29 Thread Dennis E. Hamilton
@Daniel, Right, this is about poisoning the committer keys but not touching the SVN, instead, counterfeiting a binary release downstream, but faking the asc, md5, and sha1 too. (These would not be at dist, and depend on folks not noticing because the instructions for how to check correctly

Re: Proposal: Improve security by limiting committer access in SVN -- KEYS Compromise Exposure

2013-04-29 Thread Daniel Shahaf
Dennis E. Hamilton wrote on Mon, Apr 29, 2013 at 10:31:14 -0700: > 5. This is sufficient to poison a download mirror site with > a counterfeit download so long as the ASC, SHA1, and MD5 locations > can also be spoofed without the user noticing. Right. The normal answer here is "They will hav

RE: Proposal: Improve security by limiting committer access in SVN -- KEYS Compromise Exposure

2013-04-29 Thread Dennis E. Hamilton
be used to change the forwarding e-mail address and add/replace the PGP public key fingerprint of the committer. 3. A rogue public key will then end up in <https://people.apache.org/keys/group/openoffice.asc>. This is the file that users are instructed to import keys from in order to