|
|
Subscribe / Log in / New account

What's next for Apache OpenOffice

What's next for Apache OpenOffice

Posted Sep 8, 2016 16:39 UTC (Thu) by servilio-ap (subscriber, #56287)
In reply to: What's next for Apache OpenOffice by johannbg
Parent article: What's next for Apache OpenOffice

or atleast it will take them year(s) to just get to the level that LO is

I don't think they have years… I doubt the ASF board wants to wait for the next vulnerability.

to post comments

What's next for Apache OpenOffice

Posted Sep 8, 2016 17:22 UTC (Thu) by johannbg (guest, #65743) [Link] (1 responses)

I think everyone but ASF/AOO realize that they have already run out of time and if the bug handling is as was describe by seanyoung in a comment in this thread then those security vulnerabilities already exist since they aren't getting reported.

What's next for Apache OpenOffice

Posted Sep 8, 2016 17:54 UTC (Thu) by cesarb (subscriber, #6266) [Link]

It's worse than that. As I noted in the other thread (https://lwn.net/Articles/699108/), the vulnerability which started this discussion had been found and fixed on LO more than an year before it was reported to AOO. An attacker would just have to search the LO commits for the many ones marked as fixing issues reported by valgrind/coverity/etc; some of them will be vulnerabilities in OOo code inherited by both AOO and LO.

What's next for Apache OpenOffice

Posted Sep 9, 2016 5:51 UTC (Fri) by alison (subscriber, #63752) [Link] (3 responses)

>I doubt the ASF board wants to wait for the next vulnerability.

Kudos to ASF then. It would be great if Linux Foundation similarly shutdown dead projects and took their git repos and mailing lists down.

What's next for Apache OpenOffice

Posted Sep 13, 2016 11:33 UTC (Tue) by nix (subscriber, #2304) [Link] (2 responses)

You don't want to shut down the git repos and mailing lists of dead projects. Those are historical data and might well be valuable in future. You might not be able to push or post to them, but they should never go away.

What's next for Apache OpenOffice

Posted Sep 13, 2016 15:06 UTC (Tue) by alison (subscriber, #63752) [Link] (1 responses)

nix, point taken, but assuredly indicating that a project is dead would clear up some recurring confusion.

What's next for Apache OpenOffice

Posted Sep 14, 2016 23:53 UTC (Wed) by nix (subscriber, #2304) [Link]

Oh, definitely. No project should be so dead that it can't say it's dead (says I, maintainer of at least three projects which are, uh, not technically dead but I haven't touched them in ten years. Zombie?)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds