Date: prev next · Thread: first prev next last
2016 Archives by date, by thread · List index


On 22/08/2016 14:48, Mukesh Chaurasia wrote:

1.       What is the procedure for patch updates for LibreOffice?

Basically, uninstall the old version of LibO, install the new version of
LibO. As a general rule, copying the /config/LibO/old-version/user
directory to /config/LibO/new-version/user migrates customizations.  The
big exception is installed extensions. Those will have to be manually
done. (If LibO is compiled in-house, necessary extensions can be
included in that build process.)

The specific process depends upon the platform that is used.

Note: neither Android nor iOS on the iPhone, iPod, or iPad are currently
supported.  You'll have to write a lot of code, to have a usable version
of LibO on those platforms.)

2.       How will I get the information that any vulnerability has identified in LibreOffice?

https://www.libreoffice.org/about-us/security/advisories/ is a list of
fixed, known vulnerabilities.

Coverty scan results are posted to libreoffice@lists.freedesktop.org
every month.
http://nabble.documentfoundation.org/New-Defects-reported-by-Coverity-Scan-for-LibreOffice-td4191140.html
is a fairly typical report.

If you're wanting announcements, such as that described at
https://www.helpnetsecurity.com/2016/06/30/libreoffice-flaw-godsend-hackers/,
a Google Alert is your best bet. (That specific flaw was fixed in LibO
5.1.4/5.2.0.)

3.       How will I get the information about new updates available for LibreOffice?

announce@documentfoundation.org: Mailing list for news and press
releases by The Document Foundation.
Subscription: announce+subscribe@documentfoundation.org
Digest subscription: announce+subscribe-digest@documentfoundation.org
Archives: http://listarchives.documentfoundation.org/www/announce/
Mail-Archive.com:
http://www.mail-archive.com/announce@documentfoundation.org/
GMANE: http://dir.gmane.org/gmane.comp.documentfoundation.announce

That is a low traffic mailing list. Roughly half the messages are about
new releases of either the program, or documentation.

4.       Who will support us in case if any outbreaks happens due to any vulnerabilities?

https://www.libreoffice.org/get-help/professional-support/ is a list of
vendors of Tier 1 through Tier 3 support, that have undergone TDF
certification.

LibreOffice, as a project, and _The Document Foundation_, as an
organization, provide Tier 0 support.

5.       What is timeline to provide the fix to any vulnerability?

That depends on how severe the vulnerability is, and how much other code
is affected by rewritten the vulnerable code.

###

As far as points 1 through 4 go, what some organizations have done, is
designated somebody as their FLOSS Specialist. This person is
responsible for:
* Keeping up with new releases and updates;
* Testing all releases/updates ensuring that it works as expected,
within the organisation's framework. This includes extensions that are
mandated by corporate;
* Keeping up with all announcements about vulnerabilities, regardless of
where/how the vulnerability was announced;
* Tracking all known vulnerabilities, including when and how fixed;
* Filing bug reports with the organization that wrote the software;

In some organizations, that individual is also responsible for all
training on using the software.

jonathon

-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.