On Wed, Oct 1, 2014 at 11:55 AM, Michael Meeks
<michael.meeks@collabora.com> wrote:
Dear Nicholas,
On Tue, 2014-09-30 at 17:19 -0400, nicholas ferguson wrote:
I duplicated their directory structure. And my build still failed.
Grief; we should certainly document turning off AV more prominently.
Listed quite prominently in the windows build instructions. And *any*
AV-solution that blocks access should popup a corresponding
message/indicator that it did so.
Ideally we could find a reproducer that we could check during configure
and print out:
Nope, that won't help. If the user is ignoring the system's messages,
why should he read ours?
And checking whether virus solution xy is running probably is a
surefire way to get detected as malicious beforehand so you won't be
able to show that message :-)
It'd be great to isolate exactly what is causing the problem, so we can
save other people this suffering; I'd love to invest in that.
BitDefender/Security Essentials blocks some of the CVE test-files. I
assume that to be no difference here. And there's no way to have
av-vendors whitelist those files, as after all they can exploit
vulnerabilities in other/older software.
If it needs forensics to find out what was blocked, then the
av-solution is crap, or the user unwilling to look at the software's
logs.
On Tue, 2014-09-30 at 17:50 -0400, nicholas ferguson wrote:
I think that is a bad idea. A good idea is to turn on anti virus
where work is done. you can't tell developers to turn off their
anti virus when working on windows. That’s crazy talk
Either you disable monitoring for the build-directories, or you
whitelist stuff in another way. Or use a different AV-solution.
Of course false-detection in the result is another story - Symantec
(Norton AV) offers a whitelisting form that I use for the official
builds, so regular users don't get warning when downloading/installing
the finished product. But building is a different story.
I see no way to have the build free of AV-detection unless we remove
all of the CVE testdocuments.
In fact any AV-solution that doesn't block/break the build in a way is
not tightly monitoring the system..
So only way is to do as already written in the buildinstructions and
common sense when actually looking at the AV-solutions' reports:
Disable monitoring for the build. Not only will that not break the
build, but also save some cycles for actually compiling stuff instead
of checking lots of intermediate files.
Your build-account surely is not an administrative account, and not
even the one you do your office work with (as the tests pop up lots of
windows that would otherwise be very distracting) - so I absolutely
don't see this as a huge problem.
ciao
Christian
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.