Re: [libreoffice-users] Re: Working on an archive site/pages for LO and the DVD[s] I have been working with

On 10/09/2011 10:45 PM, NoOp wrote:
> On 10/06/2011 06:12 PM, webmaster for Kracked Press Productions wrote:
> > I have had the idea for a few months now, so I figured it was time to
> > start working on it.
> >
> > The original NA-DVD site has a set of archive pages for the installs
> > that went into the NA-DVD[s].  There are all of the OSs and the language
> > and help packs that were linked within the "default" install page[s].
> >
> > This version of the site pages will have the contents of the DVDs, but
> > will have installs for:
> > 3.3.2, 3.3.3, 3.3.4
> > 3.4.1, 3.4.2, 3.4.3
> > plus the new ones when they come out.
> >
> > See what you think.  I need to work on the wording to describe the
> > differences between the 3.3.x line and the 3.4.x line.  I could use some
> > words to describe what line is best to use where.  I know that soon the
> > 3.4.x line will be "enterprise ready" and the "most stable" and "cutting
> > edge" words soon will not be the best.  Also, when 3.5.x line comes out,
> > "most stable" will be describing 3.4.x versions.  So maybe not using
> > that phrase would be better for marketing.
> >
> > http://libreoffice-na.us/multi-version/install.html
> >
> > Any advice could be helpful.
> OT from LO, but I have concerns that you are providing applications with
> considerable security concerns on your site:
>
> http://libreoffice-na.us/multi-version/extras.html
> SeaMonkey 2.0.11 en-US
> (no longer supported and has severe security issues)
> ditto for most all of the rest.
>
> Further, how can one determine even if your images are safe? You provide
> no md5sum or any other type of file check.
>
> Why do you do this (nevermind I forgot your willingness to host insecure
> versions of Java) rather than simple link to:
> http://www.seamonkey-project.org/releases/#old
> where the user can obtain older versions directly from a *reliable*
> source? Example:
> http://www.seamonkey-project.org/releases/2.0.11
>
> Nevermind that there are *NO* further security fixes for SeaMonkey
> 2.0.x, but you just happily seem to ignore the security fixes that were
> added in the 2.0 releases following 2.0.11:
>
> http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html
>
> Fixed in SeaMonkey 2.0.14
> MFSA 2011-18 XSLT generate-id() function heap address leak
> MFSA 2011-16 Directory traversal in resource: protocol
> MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
> MFSA 2011-14 Information stealing via form history
> MFSA 2011-13 Multiple dangling pointer vulnerabilities
> MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/
> 1.9.1.19)
> Fixed in SeaMonkey 2.0.13
> MFSA 2011-11 Update to HTTPS certificate blacklist
> Fixed in SeaMonkey 2.0.12
> MFSA 2011-10 CSRF risk with plugins and 307 redirects
> MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome
> documents
> MFSA 2011-07 Memory corruption during text run construction (Windows)
> MFSA 2011-06 Use-after-free error using Web Workers
> MFSA 2011-05 Buffer overflow in JavaScript atom map
> MFSA 2011-04 Buffer overflow in JavaScript upvarMap
> MFSA 2011-03 Use-after-free error in JSON.stringify
> MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
> MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)
>
>
> In the end I guess it may not matter as I tried to download the linux
> version of SeaMonkey 2.0.11 from your site and recevied:
> ===
> <http://libreoffice-na.us/multi-version/extras-folders/seamonkey/english/seamonkey-2.0.11.tar.bz2
> Not Found
>
> The requested URL
> /multi-version/extras-folders/seamonkey/english/seamonkey-2.0.11.tar.bz2
> was not found on this server.
>
> Additionally, a 404 Not Found error was encountered while trying to use
> an ErrorDocument to handle the request.
> Apache Server at libreoffice-na.us Port 80
> ===
>
> Ditto for:
> <http://libreoffice-na.us/multi-version/extras-folders/seamonkey/english/SeaMonkey%20Setup%202.0.11.exe>
>
> IMO your time would be better served contributing to the actual LO
> website rather than creating your own. If archived images (as indicated
> by your subject in the start of this thread are desired) archived images
> are available at:<http://download.documentfoundation.org/libreoffice/old/>
>
> It appears to me that you are not concerned with security *at all*&  for
> that reason I'd recommend that others avoid downloading anything from
> your site.

Well, the list of "extras" like SeaMonkey came directly from the list 
used in the first German language DVD created by the TDF/LO people.  I 
do not use SeaMonkey, but since the LO people listed it, I did as well.  
As for md5sum filse, I never created them before.  If you check the 
LibreOffice.org download page, you will find that they do not have 
md5sum files listed either.

As for the Not Found issues, I will look into that as soon as I have 
time.  But as you stated, I should remove Seamonkey from the list.

ALSO, for security sake, ALL files that are downloaded [Windows users 
should always do this] should be run though your virus scanners before 
you run them.  Some scanners actually check all downloaded files right 
after they have completed their download.  When I ran Windows as my 
default OS, I always virus scanned downloaded files, EVEN from trusted 
sites.  I had too many support calls from people who downloaded and ran 
software without scanning it and got infected.  I just dealt with a lady 
who main partition got wiped by a nasty that was downloaded from one of 
the sites she went to.  Linux users are a little safer, but I have a 
virus checker run every few days on my 3TB of files, many are Win 
installs being archived on my data drive for later use on Windows 
systems I work on from time to time.



--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted