|
|
Subscribe / Log in / New account

What's next for Apache OpenOffice

What's next for Apache OpenOffice

Posted Sep 9, 2016 15:53 UTC (Fri) by bunk (subscriber, #44933)
In reply to: What's next for Apache OpenOffice by zlynx
Parent article: What's next for Apache OpenOffice

This is not really comparable, the license change of AOO was announced 9 months *after* LO started.

to post comments

What's next for Apache OpenOffice

Posted Sep 9, 2016 16:12 UTC (Fri) by rsidd (subscriber, #2582) [Link] (10 responses)

It is still somewhat comparable. If GNU had changed the gcc licence to GPLv3 after egcs had (hypothetically) existed for a while as GPLv2-only, it would be the same situation. In my original post I did not intend to say the situations were exactly comparable. And I did say that I do not expect the egcs end-result to occur -- partly because of the licensing issues, but also because of the irrational hostility in the AOO camp to LO. (Am I the only one who finds jimjag's posts here passive-aggressive rather than reasonable?)

What's next for Apache OpenOffice

Posted Sep 9, 2016 23:36 UTC (Fri) by flussence (guest, #85566) [Link] (1 responses)

> (Am I the only one who finds jimjag's posts here passive-aggressive rather than reasonable?)
Nope. Quite a few have picked up on it. I get the sense that it's a symptom of some deep rooted cultural problem in Apache, since everyone knows it's not the first time they've had representatives here acting like this. The less words we give them to spin out of context, the better.

What's next for Apache OpenOffice

Posted Sep 15, 2016 16:15 UTC (Thu) by Wol (subscriber, #4433) [Link]

As I put it, he seems to be a nice person parroting the company line ...

If you want to call it "passive aggressive", then yes, that doesn't sound far off.

I certainly get the impression he is NOT trying to confront the arguments on their merits...

Cheers,
Wol

What's next for Apache OpenOffice

Posted Sep 13, 2016 12:42 UTC (Tue) by nix (subscriber, #2304) [Link] (7 responses)

The situations are principally not comparable because of the people involved. The egcs split consisted of more or less the entire developer base of GCC, eventually even including GCC's then official maintainer (Richard Kenner): the main change was an experiment with less cathedralic, more open development (public mailing lists, etc). It was a wild success, but was always planned for reintegration, hence keeping up with the copyright assignment and employer disclaimer bureaucracy, GNU coding style etc.

The Apache thing was a corporate code drop and an intentional license change without any of the original developers following along and sort of hoping to build up momentum from there (it didn't). egcs never *had* to build up momentum. On the contrary, a lot of pent-up development effort was immediately unleashed into it. Combine that with the fact that the corporate code drop was more or less unable to incorporate useful amounts of code from the actually living project, and doom was more or less certain from the start unless corporate sponsorship and a pre-made developer base larger than LO's could be found somewhere.

What's next for Apache OpenOffice

Posted Sep 13, 2016 13:02 UTC (Tue) by rsidd (subscriber, #2582) [Link] (1 responses)

Um, I was comparing egcs to LO, not AOO! LO is the project with the different name, the developers and the momentum.

What's next for Apache OpenOffice

Posted Sep 14, 2016 23:54 UTC (Wed) by nix (subscriber, #2304) [Link]

Ah, sorry, I somehow flipped my understanding in the middle of what I was writing, and ended up writing something that made very little sense.

What you said is right.

What's next for Apache OpenOffice

Posted Sep 13, 2016 13:57 UTC (Tue) by orcmid (guest, #74478) [Link] (3 responses)

Minor correction #1: It is inaccurate to say that none of the original developers worked on Apache OpenOffice while it was incubating and later. Of those, a few were even hired by IBM to work on the project. Some contributors to Apache OpenOffice also contribute to LibreOffice (and vice versa), although that is now a small and, I believe, shrinking number. I'd say the greatest level of cooperation is with regard to security issues, as it should be.

Minor correction #2: Technically, there was no "license change." Oracle holds the copyright and all code released under LGPL2 is still under LGPL2. What Oracle did was grant a different license to the Apache Software Foundation (not unlike Sun made different license arrangements with commercial producers). The grant to the ASF allowed ASF to distribute the to-ASF licensed code under a license of its choosing, hence the Apache License. Similarly, IBM made a license grant to ASF for their originally closed-source Lotus Symphony code derived from the OpenOffice.org code licensed to them. Indeed, it is only through Apache that any code developed for Symphony finds its way into LibreOffice.

What's next for Apache OpenOffice

Posted Sep 13, 2016 15:55 UTC (Tue) by bunk (subscriber, #44933) [Link] (2 responses)

> I'd say the greatest level of cooperation is with regard to security issues, as it should be.

What went wrong with CVE-2016-1513, resulting in even http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513 not mentioning that older LO versions are vulnerable?

> Minor correction #2: Technically, there was no "license change." Oracle holds the copyright and all code released under LGPL2 is still under LGPL2. What Oracle did was grant a different license to the Apache Software Foundation (not unlike Sun made different license arrangements with commercial producers). The grant to the ASF allowed ASF to distribute the to-ASF licensed code under a license of its choosing, hence the Apache License.

One could say AOO was created with a licensing that makes it impossible for AOO to take code from LO.
(Whether that was done intentionally by Oracle is a separate question.)

The important point is the order of events - no matter how you call it, the problem was introduced by the AOO side months after LO was started.

> Similarly, IBM made a license grant to ASF for their originally closed-source Lotus Symphony code derived from the OpenOffice.org code licensed to them. Indeed, it is only through Apache that any code developed for Symphony finds its way into LibreOffice.

It seems there is/was a lot of politics by Oracle and IBM involved.

I do not see a fundamental reason why IBM could not just have relicensed the Symphony code under the ASL, and then publish it as a tarball somewhere. Less work for them, and the code is in LO a year earlier.

What's next for Apache OpenOffice

Posted Sep 13, 2016 17:08 UTC (Tue) by orcmid (guest, #74478) [Link] (1 responses)

> What went wrong with CVE-2016-1513, resulting in even http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513 not mentioning that older LO versions are vulnerable?

The reporter only provided their result for AOO 4.1.2. My mistake was I confirmed that the defect is not in a current release of LibreOffice and did not consider the case of down-version releases that would still be under maintenance.

I did inform [Officesecurity] before our disclosure, but it was very short notice.

To avoid that happening again, we are now always informing [Officesecurity] of pending AOO disclosures of defects that might still matter in that community, and they get to decide whether that is the case or not.

I didn't word the CVE and I have no account for that. The AOO advisory, linked from that CVE does mention the prospect. Of course that doesn't name other products. I assume that other descendants of the openoffice.org code base will issue their own advisories as they see fit. I know the patch we published is used by at least one other.

What's next for Apache OpenOffice

Posted Sep 13, 2016 19:30 UTC (Tue) by bunk (subscriber, #44933) [Link]

> The reporter only provided their result for AOO 4.1.2.

My guess (that could be wrong) would be that they found the issue while checking which of the fuzzing fixes in LO might be exploitable.

It isn't that uncommon that someone finds vulnerabilities in Open Source software by going through normal bugfixes - until the fix has reached all users, there are still years where it can be exploited if the finder has intentions other than publishing.

> I assume that other descendants of the openoffice.org code base will issue their own advisories as they see fit. I know the patch we published is used by at least one other.

What other direct (not through LO) descendants exist of the AOO code base?

The only area where AOO could have an advantage over LO would be for companies who don't want to use LO for license reasons.

And these descendants should have a financial interest in keeping AOO alive.

What's next for Apache OpenOffice

Posted Sep 15, 2016 16:19 UTC (Thu) by Wol (subscriber, #4433) [Link]

Yup.

egcs forked because there was pent-up developer demand that couldn't get their changes into gcc.

LO (Go-OO) forked because there was pent-up developer demand that couldn't get their changes into Sun Open Office.

Likewise Xorg forked because there was pent-up developer demand that couldn't get their changes into XFree.

So all those projects were vibrant from the start, getting off to a flying start. Unfortunately, AOO is the direct descendant of Sun Open Office, with a reputation for cathedral development and a disinclination for accepting outside help ... :-(

Cheers,
Wol


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds