Re: [tdf-discuss] Re: Security Advisories

2012-03-23 Thread Thorsten Behrens
Simon Phipps wrote: > In my view all that's gone wrong this time is that the CVE was not > listed in the release announcement. That should probably be fixed > next time. > Hi Simon, all, well - it's not that easy. The rationale to act as we did was this: We wanted to release 3.4.6 as early as pos

Re: [tdf-discuss] Re: Security Advisories

2012-03-23 Thread Simon Phipps
On 23 Mar 2012, at 18:13, NoOp wrote: > > I think that you and Simon are missing the message I was attempting to > convey. I'll repeat my original question: > > Why is it that "security advisories" such as this: > > https://www.libreoffice.org/advisories/CVE-2012-0037/ > > are not posted on th

[tdf-discuss] Re: Security Advisories

2012-03-23 Thread NoOp
On 03/23/2012 05:24 AM, Christian Lohmaier wrote: > Hi NoOp, > > On Fri, Mar 23, 2012 at 2:56 AM, NoOp wrote: >> On 03/22/2012 06:31 PM, Italo Vignoli wrote: >>> NoOp wrote: >>> It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and ann

RE: [tdf-discuss] Re: Security Advisories

2012-03-23 Thread Dennis E. Hamilton
maier Sent: Friday, March 23, 2012 05:24 To: discuss@documentfoundation.org Subject: Re: [tdf-discuss] Re: Security Advisories Hi NoOp, On Fri, Mar 23, 2012 at 2:56 AM, NoOp wrote: > On 03/22/2012 06:31 PM, Italo Vignoli wrote: >> NoOp wrote: >> >>> It would be nice if someo

Re: [tdf-discuss] Re: Security Advisories

2012-03-23 Thread Robert Derman
NoOp wrote: On 03/22/2012 06:31 PM, Italo Vignoli wrote: NoOp wrote: It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists. It is now reported on the blog post. Well just how many users are subscribed to

Re: [tdf-discuss] Re: Security Advisories

2012-03-23 Thread Christian Lohmaier
Hi NoOp, On Fri, Mar 23, 2012 at 2:56 AM, NoOp wrote: > On 03/22/2012 06:31 PM, Italo Vignoli wrote: >> NoOp wrote: >> >>> It would be nice if someone 'official' (ala TDF) could post the >>> CVE-2012-0037 notice on both the user and announce lists. The public was not supposed to know of this CVE

Re: [tdf-discuss] Re: Security Advisories

2012-03-22 Thread Simon Phipps
On 23 Mar 2012, at 01:56, NoOp wrote: > Are these the posts that you are referring to? > That one now has a link to the CVE as the embargo has been lifted. >

[tdf-discuss] Re: Security Advisories

2012-03-22 Thread NoOp
On 03/22/2012 06:31 PM, Italo Vignoli wrote: > NoOp wrote: > >> It would be nice if someone 'official' (ala TDF) could post the >> CVE-2012-0037 notice on both the user and announce lists. > > It is now reported on the blog post. > Well just how many users are subscribed to a blog post? Nor do