openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carl Marcum <>
Subject Re: [PACKAGING 4.1.2-patch1 Binaries] (was RE: [TESTING] Applying openoffice-4.1.2-patch1 for Windows)
Date Tue, 09 Aug 2016 11:23:20 GMT
On 08/05/2016 12:28 PM, Dennis E. Hamilton wrote:
> Branching off the part that is not about the Windows 4.1.2-patch1 [TESTING].
>> -----Original Message-----
>> From: Marcus []
>> Sent: Thursday, August 4, 2016 15:52
>> To:
>> Subject: Re: [TESTING] Applying openoffice-4.1.2-patch1 for Windows
>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk:
> [ ... ]
>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet.
>>> Should we get started on these?
>> it depends what we want that they should contain. The ZIP file for
>> Windows contains a LICENSE and NOTICE file as well as an ASC file for
>> the DLL. As it is only a patch IMHO we don't need to provide another
>> LICENSE and NOTICE file which is already available in the OpenOffice
>> installation. Also the ASC is not necessary as we provide it already
>> (together with MD5 and SHA256) for the whole ZIP file.
> [orcmid]
> I think there is a misunderstanding.  Two matters:
>   1. The use of LICENSE is required by the ALv2 itself, and the ASF practice is to include
NOTICE as well on binary distributions.  The patch qualifies, especially when it is moved
to general distribution.  It is also easy and harmless to provide.
>   2. The reason for preserving the .asc on the shared-library binary is because it authenticates
with respect to who produced it and establishes that it has not been modified as supplied
in the package (or as the result of some glitch in creation of the Zip).  It provides a level
of accountability and, also, auditability.
> Even though few people will check all of these, they remain possible to be checked. 
Since this is a matter of security vulnerabilities and involves elevation of privilege to
perform, I believe it is important to demonstrate diligence and care, so that users have confidence
in this procedure to the extent they are comfortable.  Also, if it becomes necessary to troubleshoot
a problem with these patch applications, we have the means to authenticate what they are using
to ensure there are no counterfeits being offered to users.
>> That means that only the README and library file remains.
>> When the README for Windows keep its length then I don't want to copy
>> this on the dowload webpage. ;-)
>> So, when we put the README for all platforms in their ZIP files then we
>> can just put a pointer to it on the download webpage and thats it.
> [orcmid]
> Yes, that seems like a fine idea.  The README can be linked the same way the .md5, .sha256,
and .asc are linked.
> Also, the README may become simpler if we can link to some of the information and not
have so much detail in the README text itself.  It might even be useful to have an .html README
for that matter.  But that is all extra.  Right now I think we want to get into the testing
and see how to smooth what we have.
> PS: A friend of mine is looking into the MacOSX situation.  He points out that one can
use the Finder to do the job without users having to use Terminal sessions.  I don't have
further information at this time.
> PPS: The inclusion of scripts that do the job is also worthy of consideration, perhaps
making it unnecessary to build executables.  I will be looking at finding a .bat file that
works safely for the Windows case.  That can make the instructions much shorter :).
>> To cut a long story short:
>> I would say yes for a ZIP file for every platform.
> [ ... ]

Could we use a cross-platform installer like izpack [1]?

I started trying it out last weekend and it looks like it could do the 
job of running a rename script and copying in the library.

A few notes.

It can:
display a readme to explain what will happen.
display our license for acceptance.
run a script depending on platform.
Copy in files based on platform.

Requires Java on the machine to run installer.
Also the user need to be able to use a file chooser to find the AOO 

If so I will continue to pursue this but may need so help with the 
scripts and testing.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message