|
|
Subscribe / Log in / New account

What's next for Apache OpenOffice

What's next for Apache OpenOffice

Posted Sep 8, 2016 15:45 UTC (Thu) by martin.langhoff (guest, #61417)
Parent article: What's next for Apache OpenOffice

As an external observer, I must say that Jim's openness and generosity are remarkable. Hopefully they help people leave the past behind.

This was not the first fraught fork, and it won't be the last. Perhaps the dev community at LibreOffice takes Jim's gestures and helps build the bridge that is obviously needed here.

to post comments

What's next for Apache OpenOffice

Posted Sep 8, 2016 23:47 UTC (Thu) by bunk (subscriber, #44933) [Link] (9 responses)

What kind of future do you have in mind?

The LO people are sitting on 13 years (sic) of LGPL development (ooo-build was started in 2003), which makes the licence change of AOO in 2011 a real problem.

What's next for Apache OpenOffice

Posted Sep 9, 2016 0:09 UTC (Fri) by bunk (subscriber, #44933) [Link]

(I am aware that the actual license situation is more complicated when you consider the MPL licensing of LO - relevant for this discussion is that the ASF would not accept any LO code.)

What's next for Apache OpenOffice

Posted Sep 9, 2016 13:55 UTC (Fri) by martin.langhoff (guest, #61417) [Link] (7 responses)

A future where LO offers some friendly gestures to the few still-active AOO devs, and perhaps AOO points to LibreOffice as the recommended successor, transfers trademark, etc.

It's not something that can happen overnight; there's a dozen reasons that say it can't be done. With a bit of time, and community-building, it'll turn out that it can be done.

Maybe AOO needs to make one more try, see if they can actually make a security fix release; see whether a feature release can be put together. If over that time they get pestered, they'll bolster their pride and soldier on, ready to die with in their boots.

If we can muster a friendlier "why don't you try the same thing you are doing, but here in LO?", I'm sure there are more productive conversations to be had.

What's next for Apache OpenOffice

Posted Sep 9, 2016 13:57 UTC (Fri) by martin.langhoff (guest, #61417) [Link] (6 responses)

When I say "community-building" I mean LO+AOO community. Outreach.

I essentially mean: working to avoid becoming what you hate.

What's next for Apache OpenOffice

Posted Sep 9, 2016 15:17 UTC (Fri) by bunk (subscriber, #44933) [Link] (5 responses)

> If we can muster a friendlier "why don't you try the same thing you are doing, but here in LO?", I'm sure there are more productive conversations to be had.

All the people who were doing actual work on OO already went to LO years ago.
That is the reason why AOO is dead since IBM left.

You are aware that Jim is a member of the ASF board, not someone who does work or has any direct position in AOO?

What's next for Apache OpenOffice

Posted Sep 9, 2016 15:36 UTC (Fri) by martin.langhoff (guest, #61417) [Link] (4 responses)

I know Jim's not a committer (a few days ago, with initial reporting of the topic, I reviewed the changelog for AOO), and that his concerns are with AOO's and ASF's boards.

The AOO dev mailing list thread is interesting, with various posters indicating they are passionate about keeping the AOO flame, but they haven't committed a thing in ages. And at my last read, I could not spot any "let's get builds out with the security fix!" thread (maybe it's elsewhere?).

AOO will follow its path, it's theirs. It will be easier to come together... if we make it easier.

What's next for Apache OpenOffice

Posted Sep 9, 2016 16:14 UTC (Fri) by tialaramex (subscriber, #21167) [Link]

As I understand it, their intention is that 4.1.3 will be those "builds [...] with the security fix" and they are beginning the painstaking process of making 4.1.3 happen. Their goal for now seems to be to have this released before ApacheConEU, in November.

For comparison, it takes LibreOffice about four weeks to ship each micro version update. I'm not aware of any emergency security releases for LibreOffice, with a "responsible disclosure" type policy they could be slip-streamed into existing releases because of the rapid cadence. A bug identified in March becomes a patch in April and a release in May accompanying the CVE announcement. I would presume they can rush out an emergency fix in under a week if somebody released something nasty under a "full disclosure" approach.

What's next for Apache OpenOffice

Posted Sep 9, 2016 16:15 UTC (Fri) by excors (subscriber, #95769) [Link]

> I could not spot any "let's get builds out with the security fix!" thread

That's probably https://lists.apache.org/thread.html/4b1922a18c9b479ae0c2... (in which, after AOO sat on the security bug for about 11 months and still failed to come up with a satisfactory fix, then hit the current crisis and presumably became more aware of the importance and urgency of this (for its own reputation and maybe for its continued existence, not just for its users' security), there is now a goal to hopefully do a 4.1.3 release about 2 months from now).

What's next for Apache OpenOffice

Posted Sep 9, 2016 16:27 UTC (Fri) by orcmid (guest, #74478) [Link] (1 responses)

In fact Jim Jagielski is a committer on the Apache OpenOffice project and a member of the project's Project Management Committee. If you look him up on the Apache Phonebook, you'll see he is highly active across a wide variety of ASF areas, <http://people.apache.org/phonebook.html>.

There are many ways to contribute to an Apache project, and having made code commits is one of them. Lately, if you have followed the dev@ list for the project, you'll find that Jim is working on the MacOSX build process.

There is a private and discrete coverage of security matters, the same as for all projects at the ASF and elsewhere. You can find the ASF policies and practices with regard to security reports at <https://www.apache.org/security/> and pages linked from there.

Since you are following dev@, please notice that there is work at a streamlined 4.1.3 maintenance release. Whatever the next release is, you can expect to see any disclosures and advisories related to that distribution at that time and not before.

What's next for Apache OpenOffice

Posted Sep 13, 2016 16:41 UTC (Tue) by nix (subscriber, #2304) [Link]

Whatever the next release is, you can expect to see any disclosures and advisories related to that distribution at that time and not before.
I'm fairly certain that the existence of a security hole in 4.1.2 is widely known by now. (Far more widely known than it would have been if the bug had just been fixed in a quick point release with an advisory like more or less every other project can manage.)

What's next for Apache OpenOffice

Posted Sep 10, 2016 8:39 UTC (Sat) by dtardon (subscriber, #53317) [Link]

First, I don't believe in his sincerity, as he constantly tries to shift the blame for the past to TDF. It's practically a conspiracy theory... Second, the rest of the AOO community is openly hostile to LibreOffice and TDF--just read their dev. mailing list for the past week.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds