openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: [PATCH DOWNLOAD] Draft for the hotfix webpage
Date Thu, 18 Aug 2016 23:09:13 GMT


> -----Original Message-----
> From: Marcus [mailto:marcus.mail@wtnet.de]
> Sent: Thursday, August 18, 2016 14:40
> To: dev@openoffice.apache.org
> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> 
> Am 08/15/2016 11:40 PM, schrieb Dennis E. Hamilton:
> >
> >> -----Original Message-----
> >> From: Marcus [mailto:marcus.mail@wtnet.de]
> >> Sent: Monday, August 15, 2016 13:43
> >> To: dev@openoffice.apache.org
> >> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> >>
> >> Am 08/15/2016 09:10 PM, schrieb Dennis E. Hamilton:
> >>>
> >>>> -----Original Message-----
> >>>> From: Kay Schenk@apache.org [mailto:kschenk@apache.org]
> >>>> Sent: Monday, August 15, 2016 08:59
> >>>> To: dev@openoffice.apache.org
> >>>> Subject: Re: [PATCH DOWNLOAD] Draft for the hotfix webpage
> >>>>
> >>>> On 08/13/2016 02:16 PM, Marcus wrote:
> >>>>> As we have now the patched library file and Readme for all
> >> platforms,
> >>>>> IMHO not much more is needed to go public with the hotfix.
> Therefore
> >>>>> I've created a draft version of the hotfix download webpage:
> >>>>>
> >>>>> http://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> >>>> patch1/hotfix.html
> >>>>>
> >>>>> Please review and tell me your feedback.
> >>> [orcmid]
> >>>
> >>> I have a number of items.  I can fix the URLs in (2) below after I
> >> have updated the Windows set.
> >>>
> >>>     1. This is worded as if it is the advisory.  I assume this is,
> >> rather, something that should be linked to from an update of the
> >> advisory.  I request that it be a description of the HotFix.  It
> could
> >> link to the advisory, of course.  RECOMMENDATION: Have the emphasis
> be
> >> on this describing release of the hotfix for CVE-2016-1513.
> >>
> >> OK, seems indeed not clear enough.
> >>
> >>>     2. Download and Installation.  Currently, this page is at
> >>> <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-
> >> patch1/hotfix.html>.  It has *ABSOLUTE* URLs to the binaries and
> source
> >> and the various hashes.  WHEN GENERAL DISTRIBUTION OCCURS, this page
> and
> >> all of the binaries and source pages will be at
> >>> <https://archive.apache.org/dist/openoffice/4.1.2-patch1>.
> >>
> >> Please remember that it's just a draft of what is available at the
> >> moment. ;-) That's why the URLs for source and binaries differ
> already.
> >> Of course all URLs will change when everything is available at dist/
> and
> >> no longer dev/.
> >>
> >> RECOMMENDATION: In the Download&   Installation table, make all URLS
> >> *RELATIVE* to the HotFix page, since when it is staged to release and
> >> then to archive, the links will always work.
> >>>        NOTE. When we make general distribution, we stage the HotFix
> >> HTML page and the binaries subfolder to
> >>> <https://dist.apache.org/repos/dist/release/openoffice/4.1.2-patch1>
> >> using SVN copies.  In 24-48 hours or so that material will show up
> >> automatically on archive.apache.org and we can make the general
> >> distribution announcement.  The dist.apache.org materials can be
> removed
> >> when that happens.  WARNING. The Windows material is not ready, and
> some
> >> renaming will happen.  That should all be done by the end of Tuesday
> >> (GMT).
> >>
> >> The current location of the hotfix webpage is of course is not the
> final
> >> one. It will be there where the other webpages are: at w.oo.o.
> >>
> >> I've just put it into SVN to have it not yet on the public OO
> website.
> > [orcmid]
> >
> > LOL.  I thought that is where you wanted to keep it [;<).  Because it
> is so specific to this HotFix, I think it would be great to leave it
> with the downloads and the archive.apache.org site, but link to it from
> openoffice.org.
> >
> >>
> >>>     3. Next Step under Download and Installation.  The README for
> >> Windows addresses the way to Unzip and provides important information
> >> about how the extract is into a folder of a default-determined name.
> I
> >> don't know if the others provide comparable information and/or
> operating
> >> from a terminal is assumed.
> >>
> >> Yes, more (Linux) or less (Mac) it should be comparable.
> >>
> >>>     4. How to verify the download&   installation.  Verifying the
> Zip is
> >> sufficient.  The table does not identify the files those check cases
> are
> >> from so it is not at all clear what value this is.  RECOMMENDATION:
> If
> >> it is valuable, we should include the additional hashes inside the
> Zips,
> >> and provide the size and time stamp information in the individual
> README
> >> files.
> >>
> >> Yes, right. "Old file" and "New file" is for sure not exact enough
> which
> >> file it is about. And the other file-based data can be moved to the
> >> Readme's, too.
> >>
> >>   >  That way there is no redundancy and the information is
> maintained in
> >>   >  exactly one place.
> >>
> >> <nitpicker>
> >> Ahm, no. ;-) At the moment we have it at a single place. When we
> split
> >> it into the 4 Readme's then we have 4 places to maintain.
> >> </nitpicker>
> >>
> >> But at the end you are right. The webpage contains some details that
> >> should be moved to the respective Readme.
> >>
> >> I'll finish the changes when I'm back from a trip on Thursday or
> Friday.
> 
> I want to change my mind:
> Let's skip these changes and keep this in mind for the next time. I just
> would do the Readme changes - that I've already suggested in a previous
> mail - for Mac and both Linux *outside* of the ZIP file.
> 
> And then let's do the release. Otherwise we would go another leap and
> another one and ... ;-)
> 
> What do you think?
[orcmid] 

As you've seen, I did fix the links in the Hotfix.html page at the same time as I added the
shortened names that are now used in the 0.2.0 Beta binary for Windows.  So that page can
move with the staging of the binaries from dev to release (and automatically to archive).

I have made all of the changes necessary to update the Windows 0.2.0 Beta to a 1.0.0 release
candidate or whatever we want to call a candidate for general availability.

I can get that done in about 15 minutes.  I have been holding back until there seem to be
no more changes and I can go ahead and Zip things up and provide the necessary signatures
and hashes.

Let me know when you are ready and I will respond as soon as I see your message (allowing
for our sleep periods being offset about 9 hours [;<).

 - Dennis




> 
> Marcus
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message