Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index


On 10/09/2011 10:45 PM, NoOp wrote:
On 10/06/2011 06:12 PM, webmaster for Kracked Press Productions wrote:
I have had the idea for a few months now, so I figured it was time to
start working on it.

The original NA-DVD site has a set of archive pages for the installs
that went into the NA-DVD[s].  There are all of the OSs and the language
and help packs that were linked within the "default" install page[s].

This version of the site pages will have the contents of the DVDs, but
will have installs for:
3.3.2, 3.3.3, 3.3.4
3.4.1, 3.4.2, 3.4.3
plus the new ones when they come out.

See what you think.  I need to work on the wording to describe the
differences between the 3.3.x line and the 3.4.x line.  I could use some
words to describe what line is best to use where.  I know that soon the
3.4.x line will be "enterprise ready" and the "most stable" and "cutting
edge" words soon will not be the best.  Also, when 3.5.x line comes out,
"most stable" will be describing 3.4.x versions.  So maybe not using
that phrase would be better for marketing.

http://libreoffice-na.us/multi-version/install.html

Any advice could be helpful.

OT from LO, but I have concerns that you are providing applications with
considerable security concerns on your site:

http://libreoffice-na.us/multi-version/extras.html
SeaMonkey 2.0.11 en-US
(no longer supported and has severe security issues)
ditto for most all of the rest.

Further, how can one determine even if your images are safe? You provide
no md5sum or any other type of file check.

Why do you do this (nevermind I forgot your willingness to host insecure
versions of Java) rather than simple link to:
http://www.seamonkey-project.org/releases/#old
where the user can obtain older versions directly from a *reliable*
source? Example:
http://www.seamonkey-project.org/releases/2.0.11

Nevermind that there are *NO* further security fixes for SeaMonkey
2.0.x, but you just happily seem to ignore the security fixes that were
added in the 2.0 releases following 2.0.11:

http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html

Fixed in SeaMonkey 2.0.14
MFSA 2011-18 XSLT generate-id() function heap address leak
MFSA 2011-16 Directory traversal in resource: protocol
MFSA 2011-15 Escalation of privilege through Java Embedding Plugin
MFSA 2011-14 Information stealing via form history
MFSA 2011-13 Multiple dangling pointer vulnerabilities
MFSA 2011-12 Miscellaneous memory safety hazards (rv:2.0.1/ 1.9.2.17/
1.9.1.19)
Fixed in SeaMonkey 2.0.13
MFSA 2011-11 Update to HTTPS certificate blacklist
Fixed in SeaMonkey 2.0.12
MFSA 2011-10 CSRF risk with plugins and 307 redirects
MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome
documents
MFSA 2011-07 Memory corruption during text run construction (Windows)
MFSA 2011-06 Use-after-free error using Web Workers
MFSA 2011-05 Buffer overflow in JavaScript atom map
MFSA 2011-04 Buffer overflow in JavaScript upvarMap
MFSA 2011-03 Use-after-free error in JSON.stringify
MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true
MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)


In the end I guess it may not matter as I tried to download the linux
version of SeaMonkey 2.0.11 from your site and recevied:
===
<http://libreoffice-na.us/multi-version/extras-folders/seamonkey/english/seamonkey-2.0.11.tar.bz2
Not Found

The requested URL
/multi-version/extras-folders/seamonkey/english/seamonkey-2.0.11.tar.bz2
was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request.
Apache Server at libreoffice-na.us Port 80
===

Ditto for:
<http://libreoffice-na.us/multi-version/extras-folders/seamonkey/english/SeaMonkey%20Setup%202.0.11.exe>

IMO your time would be better served contributing to the actual LO
website rather than creating your own. If archived images (as indicated
by your subject in the start of this thread are desired) archived images
are available at:<http://download.documentfoundation.org/libreoffice/old/>

It appears to me that you are not concerned with security *at all*&  for
that reason I'd recommend that others avoid downloading anything from
your site.

Well, the list of "extras" like SeaMonkey came directly from the list used in the first German language DVD created by the TDF/LO people. I do not use SeaMonkey, but since the LO people listed it, I did as well. As for md5sum filse, I never created them before. If you check the LibreOffice.org download page, you will find that they do not have md5sum files listed either.

As for the Not Found issues, I will look into that as soon as I have time. But as you stated, I should remove Seamonkey from the list.

ALSO, for security sake, ALL files that are downloaded [Windows users should always do this] should be run though your virus scanners before you run them. Some scanners actually check all downloaded files right after they have completed their download. When I ran Windows as my default OS, I always virus scanned downloaded files, EVEN from trusted sites. I had too many support calls from people who downloaded and ran software without scanning it and got infected. I just dealt with a lady who main partition got wiped by a nasty that was downloaded from one of the sites she went to. Linux users are a little safer, but I have a virus checker run every few days on my 3TB of files, many are Win installs being archived on my data drive for later use on Windows systems I work on from time to time.



--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.