Re: [libreoffice-users] Libre Office

On 22/08/2016 14:48, Mukesh Chaurasia wrote:

> 1.       What is the procedure for patch updates for LibreOffice?

Basically, uninstall the old version of LibO, install the new version of
LibO. As a general rule, copying the /config/LibO/old-version/user
directory to /config/LibO/new-version/user migrates customizations.  The
big exception is installed extensions. Those will have to be manually
done. (If LibO is compiled in-house, necessary extensions can be
included in that build process.)

The specific process depends upon the platform that is used.

Note: neither Android nor iOS on the iPhone, iPod, or iPad are currently
supported.  You'll have to write a lot of code, to have a usable version
of LibO on those platforms.)

> 2.       How will I get the information that any vulnerability has identified in LibreOffice?

https://www.libreoffice.org/about-us/security/advisories/ is a list of
fixed, known vulnerabilities.

Coverty scan results are posted to libreoffice@lists.freedesktop.org
every month.
http://nabble.documentfoundation.org/New-Defects-reported-by-Coverity-Scan-for-LibreOffice-td4191140.html
is a fairly typical report.

If you're wanting announcements, such as that described at
https://www.helpnetsecurity.com/2016/06/30/libreoffice-flaw-godsend-hackers/,
a Google Alert is your best bet. (That specific flaw was fixed in LibO
5.1.4/5.2.0.)

> 3.       How will I get the information about new updates available for LibreOffice?

announce@documentfoundation.org: Mailing list for news and press
releases by The Document Foundation.
Subscription: announce+subscribe@documentfoundation.org
Digest subscription: announce+subscribe-digest@documentfoundation.org
Archives: http://listarchives.documentfoundation.org/www/announce/
Mail-Archive.com:
http://www.mail-archive.com/announce@documentfoundation.org/
GMANE: http://dir.gmane.org/gmane.comp.documentfoundation.announce

That is a low traffic mailing list. Roughly half the messages are about
new releases of either the program, or documentation.

> 4.       Who will support us in case if any outbreaks happens due to any vulnerabilities?

https://www.libreoffice.org/get-help/professional-support/ is a list of
vendors of Tier 1 through Tier 3 support, that have undergone TDF
certification.

LibreOffice, as a project, and _The Document Foundation_, as an
organization, provide Tier 0 support.

> 5.       What is timeline to provide the fix to any vulnerability?

That depends on how severe the vulnerability is, and how much other code
is affected by rewritten the vulnerable code.

###

As far as points 1 through 4 go, what some organizations have done, is
designated somebody as their FLOSS Specialist. This person is
responsible for:
* Keeping up with new releases and updates;
* Testing all releases/updates ensuring that it works as expected,
within the organisation's framework. This includes extensions that are
mandated by corporate;
* Keeping up with all announcements about vulnerabilities, regardless of
where/how the vulnerability was announced;
* Tracking all known vulnerabilities, including when and how fixed;
* Filing bug reports with the organization that wrote the software;

In some organizations, that individual is also responsible for all
training on using the software.

jonathon

-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted