[libreoffice-marketing] Re: [Libreoffice] Authorized information source about security fixes

Hi guys,

On Thu, 2011-02-03 at 23:03 +0100, Rene Engelhard wrote:
> I don't know what you count as authorized, but this is at least worth
> pointing people to:
> http://lists.debian.org/debian-openoffice/2011/01/msg00287.html

        Quite; and I will blog this as well (when I get on-line):

                Interested by the concern and uncertainty being created
        around the mistaken idea that there are some security fixes present
        in OO.o that are not in LibreOffice. This is not so. LibreOffice
        contains all the security fixes in 3.3.0 and perhaps more. Why more ?
        simply as side-effects of our code cleans, application of cppcheck
        etc. Many 'security bugs' are really just bugs, and we're working hard
        to improve our code quality.
        To improve code security many projects do code 'auditing', a big part
        of which is careful reading of the code with this in mind. In
        LibreOffice code review is the norm, so we aspire to a higher quality
        from this perspective over time. Sadly, of course there are always
        human errors, but as and when they are found, we aim to create fixes
        and get them to our users more quickly via. our rapid monthly stable
        releases.
        
        IMHO we need to claim the moral high ground here; LibreOffice -should-
be increasingly more secure, if not now, then over time.

        ATB,

                Michael.

-- 
 michael.meeks@novell.com  <><, Pseudo Engineer, itinerant idiot



-- 
Unsubscribe instructions: E-mail to marketing+help@libreoffice.org
List archive: http://listarchives.libreoffice.org/www/marketing/
*** All posts to this list are publicly archived for eternity ***