openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kay Schenk <kay.sch...@gmail.com>
Subject Re: [PACKAGING 4.1.2-patch1 Binaries] (was RE: [TESTING] Applying openoffice-4.1.2-patch1 for Windows)
Date Fri, 12 Aug 2016 16:21:00 GMT
On Thu, Aug 11, 2016 at 3:27 PM, Marcus <marcus.mail@wtnet.de> wrote:

> Am 08/11/2016 09:50 PM, schrieb Kay Schenk@apache.org:
>
>>
>> On 08/09/2016 02:12 PM, Kay Schenk wrote:
>>
>>> [top posting]
>>> I'm in the process of trying to "sync" instructions for Linux32,
>>> Linux64, and MacOSX at the moment. As far as instructions on the actual
>>> HOTFIX page, we need to have just a "general" instruction for ALL zips
>>> that simply says -- "Unzip this package to some folder of your choosing
>>> and read the README that's included." Everything else should be in the
>>> various READMEs for each platform.
>>>
>>> I should be done with all edits by this evening for a final review
>>> before zipping and signing.
>>>
>>
>> Ok, I've now moved on to creating zip files, etc for Linux32, Linux64
>> and Mac.
>>
>> My openssl version on does NOT supply digest sha256. Is it OK to use
>> sha1? MD5 already computed for each of these.
>>
>
> I like to have it consistent for all platforms. Therefore I'll check the
> ZIPs and deliver the sha256 hash files.
>
> Marcus


​Thanks a bunch Marcus!
​


>
>
>
>
> On 08/05/2016 09:28 AM, Dennis E. Hamilton wrote:
>>>
>>>> Branching off the part that is not about the Windows 4.1.2-patch1
>>>> [TESTING].
>>>>
>>>> -----Original Message-----
>>>>> From: Marcus [mailto:marcus.mail@wtnet.de]
>>>>> Sent: Thursday, August 4, 2016 15:52
>>>>> To: dev@openoffice.apache.org
>>>>> Subject: Re: [TESTING] Applying openoffice-4.1.2-patch1 for Windows
>>>>>
>>>>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk:
>>>>>
>>>> [ ... ]
>>>>
>>>>>
>>>>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet.
>>>>>>
>>>>>> Should we get started on these?
>>>>>>
>>>>>
>>>>> it depends what we want that they should contain. The ZIP file for
>>>>> Windows contains a LICENSE and NOTICE file as well as an ASC file for
>>>>> the DLL. As it is only a patch IMHO we don't need to provide another
>>>>> LICENSE and NOTICE file which is already available in the OpenOffice
>>>>> installation. Also the ASC is not necessary as we provide it already
>>>>> (together with MD5 and SHA256) for the whole ZIP file.
>>>>>
>>>> [orcmid]
>>>>
>>>> I think there is a misunderstanding.  Two matters:
>>>>
>>>>   1. The use of LICENSE is required by the ALv2 itself, and the ASF
>>>> practice is to include NOTICE as well on binary distributions.  The patch
>>>> qualifies, especially when it is moved to general distribution.  It is also
>>>> easy and harmless to provide.
>>>>
>>>>   2. The reason for preserving the .asc on the shared-library binary is
>>>> because it authenticates with respect to who produced it and establishes
>>>> that it has not been modified as supplied in the package (or as the result
>>>> of some glitch in creation of the Zip).  It provides a level of
>>>> accountability and, also, auditability.
>>>>
>>>> Even though few people will check all of these, they remain possible to
>>>> be checked.  Since this is a matter of security vulnerabilities and
>>>> involves elevation of privilege to perform, I believe it is important to
>>>> demonstrate diligence and care, so that users have confidence in this
>>>> procedure to the extent they are comfortable.  Also, if it becomes
>>>> necessary to troubleshoot a problem with these patch applications, we have
>>>> the means to authenticate what they are using to ensure there are no
>>>> counterfeits being offered to users.
>>>>
>>>>>
>>>>> That means that only the README and library file remains.
>>>>>
>>>>> When the README for Windows keep its length then I don't want to copy
>>>>> this on the dowload webpage. ;-)
>>>>>
>>>>> So, when we put the README for all platforms in their ZIP files then
we
>>>>> can just put a pointer to it on the download webpage and thats it.
>>>>>
>>>> [orcmid]
>>>>
>>>> Yes, that seems like a fine idea.  The README can be linked the same
>>>> way the .md5, .sha256, and .asc are linked.
>>>>
>>>> Also, the README may become simpler if we can link to some of the
>>>> information and not have so much detail in the README text itself.  It
>>>> might even be useful to have an .html README for that matter.  But that is
>>>> all extra.  Right now I think we want to get into the testing and see how
>>>> to smooth what we have.
>>>>
>>>> PS: A friend of mine is looking into the MacOSX situation.  He points
>>>> out that one can use the Finder to do the job without users having to use
>>>> Terminal sessions.  I don't have further information at this time.
>>>>
>>>> PPS: The inclusion of scripts that do the job is also worthy of
>>>> consideration, perhaps making it unnecessary to build executables.  I will
>>>> be looking at finding a .bat file that works safely for the Windows case.
>>>> That can make the instructions much shorter :).
>>>>
>>>>
>>>>> To cut a long story short:
>>>>> I would say yes for a ZIP file for every platform.
>>>>>
>>>> [ ... ]
>>>>
>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
> For additional commands, e-mail: dev-help@openoffice.apache.org
>
>


-- 
----------------------------------------------------------------------
MzK

"Time spent with cats is never wasted."
                                -- Sigmund Freud

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message