Thanks all for your input and guidance.
From: Tom Davies [mailto:tomdavies04@yahoo.co.uk]
Sent: Thursday, September 12, 2013 12:55 PM
To: Vladimir Tagaban
Cc: users@global.libreoffice.org
Subject: Re: [libreoffice-users] Security vulnerabilities
Hi :)
The most stable version of LO right now is the 3.6.7 but the 4.0.5 is so rock solid that it's
doubtful you would need anything stronger than that.
Anyhow it seems you have a deep misunderstanding about the reason for LibreOffice's rapid
development.
There is 1 huge difference between OpenSource and proprietary systems with regards to updates,
patches and all the rest.
* In proprietary systems almost all updates claim to be "security updates" and often patches are
supplied in between times to deal with security issues.
* In OpenSource systems the security tends to be there already. Security is about the top
priority. In order to even work at all on Gnu&Linux each program has to be written to be very
secure and take notice of crucial issues. The underlying OS separates out normal users from
Admin/SuperUsers to such an extent that programs have to be able to run fully as normal users.
There are no easy short-cuts around that.
So, OpenSource updates are usually about adding functionality. Where bugs happen they are seldom
about security and rarely make the system vulnerable. It's more likely that some feature simply
doesn't work or does something a bit strange. If anyone does spot a weird bit of coding that could
potentially be a security issue then it is given a HIGH priority and fast-tracked through to try to
fix it before the code is released.
Proprietary tools prioritise features rather than security and no-one gets to see how badly any of
the code is so there is no-one to really criticise kludges. It's only AFTER hundreds of thousands
of machines are affected by a security breach that companies tend to start thinking about diverting
resources into fixing it. Even then they are likely to try to wrap it into their new version and
make people buy that rather than give the patch for free.
The aim with proprietary tools is to find ways of forcing people to buy newer versions in order to
carry on doing the same work they can already do with older versions.
With OpenSource it's more about the excitement of being able to do new things. No-one really cares
if you stick with an older version because no-one makes any profit if you upgrade or not. So you
can stick with older versions if you want and many of us do until we just can't stand it anymore
and want to join in with the fun everyone else is having with the newer versions.
So, OpenSource updates are seldom about security. They are almost always bug-fixes to increase
functionality or else are added functionality that is completely new.
Regards from
Tom :)
________________________________
From: Tom Davies <tomdavies04@yahoo.co.uk>
To: "jslozier@gmail.com" <jslozier@gmail.com>; Vladimir Tagaban <vtagaban@vistaprint.com>
Cc: "users@global.libreoffice.org" <users@global.libreoffice.org>
Sent: Thursday, 12 September 2013, 16:50
Subject: Re: [libreoffice-users] Security vulnerabilities
Hi :)
I think the 3.4.x dealt with 1 issue and some other fairly early branch around there dealt with
another. AOO have just dealt with those issues in the last couple of months.
I don't think either issue was "out in the wild" or actually affecting anyone but i am not entirely
certain of that. One of the often stated advantages of OpenSource is "more eyeballs on the code"
and i have a feeling it was a dev that spotted the problem, in both cases, before it became widely
known. Certainly no-one reported problems on this mailing list and i first heard about them on the
marketing mailing list (ie not an expected route).
I think there is a security mailing list (which i am not on) and normal users could have reported
directly to the devs without me knowing, but usually people bring their problems to this list
before going to the others afaik.
Also i have no idea how to find out what the problem was or how to try to take advantage of it on
an ancient version of LO. I think AOO made an announcement and someone copied that to this list
but i would struggle to find the thread in the archives!
So, all i do know (at least for fairly certain) is that there was 1 problem a couple of years ago
and it got fixed.
Sorry chap!
Happy hunting!
Regards from
Tom :)
________________________________
From: Jay Lozier <jslozier@gmail.com>
To: Vladimir Tagaban <vtagaban@vistaprint.com>
Cc: "users@global.libreoffice.org" <users@global.libreoffice.org>
Sent: Thursday, 12 September 2013, 13:39
Subject: Re: [libreoffice-users] Security vulnerabilities
-----Original Message-----
From: Vladimir Tagaban <vtagaban@vistaprint.com>
To: users@global.libreoffice.org <users@global.libreoffice.org>
Subject: [libreoffice-users] Security vulnerabilities
Date: Thu, 12 Sep 2013 01:10:09 +0000
Hello guys,
I was just wondering, are there any known security vulnerabilities with LibreOffice 4.0.2? I want to
test it but wanted to know if there were any concerns. I know that you are currently at version
4.1.1 but wanted to use an older version.
I have done some research online into this matter but nothing was stated as far as security
concerns were concerned.
Sincerely,
Vladimir Tagaban
Vladimir,
I would check Bugzilla for any security concerns or reports.
--
Jay Lozier
jslozier@gmail.com