On 08/01/2016 07:38 PM, Dennis E. Hamilton wrote: > > >> -----Original Message----- >> From: Kay Schenk [mailto:kay.sch...@gmail.com] >> Sent: Monday, August 1, 2016 15:43 >> To: dev@openoffice.apache.org >> Subject: Re: Officially releasing a patch for CVE-2016-1513 >> >> >> On 07/31/2016 05:17 PM, Dennis E. Hamilton wrote: >>> >>> >>>> -----Original Message----- >>>> From: Kay sch...@apache.org [mailto:ksch...@apache.org] >>>> Sent: Sunday, July 31, 2016 14:42 >>>> To: dev@openoffice.apache.org >>>> Subject: Re: Officially releasing a patch for CVE-2016-1513 >>>> >>>> OK, I think I'm done with the LInux64 bit area as well. >>>> >>>> And see below .... >>>> >>>> >>>> On 07/31/2016 01:10 PM, Marcus wrote: >>> [ ... ] >>>>> I'm preparing the hotfix webpage. For this I've some questions: >>>>> >>>>> 1. Do we want to provide zip files for every platform or just single >>>>> files for the library and other files? >>>> >>>> Hmmmm... I assumed we would just be point people directly at >>>> /dist/release/openoffice/patches. >>>> (Right now, these are in /dist/dev/openoffice/patches.) >>>> >>>> It would be easiest to just setup the hotfix page with three links >> per >>>> distro. >>>> >>>> Linux32 >>>> * link to Linux32.README >>>> * link to linux32 libtl.so >>>> * link to linux32 libtl.so.asc (sig) >>>> >>>> etc. >>>> >>>> If not, the READMEs I wrote will need to change. >>> [orcmid] >>> >>> I recommend there should be single-file (e.g., Zip) distributions, >> just like all other binaries. That gives just one thing to download. >> The MD5, SHA512, and ASC signatures should be on the whole package and >> stay in the dev/ and release/ folders, just as they are on download >> pages. (The ASC signatures on the individual library-file binaries >> should be inside the package.) I suspect, on the dev/ side, we might >> need copies of the READMEs alongside the archives, and revised more >> regularly, >> >> I was Ok up to this statement. Are you saying INCLUDE the readmes in the >> zip package but leave them outside of where they now are? If we want >> signed zip files, can't we just leave the files we have now in: >> >> https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/binaries/ >> >> but zip them up as well, inlcuding the READMEs? >> Or, are you saying at distribution time, remove the libraries and their >> sigs Btu leave the README files? >> We have these in their own labeled area -- 4.1.2-patch1 -- so I don't >> see a problem with just leaving everything there. >> > [orcmid] > > I'll do what I mean by example when I upload the Windows case by tomorrow > morning, at the latest. > > Then it will be easier to talk about it. > > - Dennis >
OK, great...it's looks like we are still lacking a MacOSX README. Any volunteers? Even if you can't or don't want to commit to: https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/binaries/ Please send to this list as a ".txt" attachment and we should be able to receive it. Thanks in advance for your help. >>> so they can be reviewed and revised easily as we get QA and trial use. >> When we move over to release/ we might want to do the same, even though >> the README is in the archive, so that people can read it without >> downloading the package. >>> >>> Finally, please use README.txt, etc., so that line-ending adjustments >> will happen properly when folks move these in and out of SVN and also >> out of archive files. This will also help browsers when folks retrieve >> these directly from the repository. >>> >>> PS: If we are concerned about the README.txt outside of the archive >> being authenticated, it can have an embedded PGP signature. (Then the >> final archive-internal one would be a copy of the signed README.txt -- >> no biggie, nice chain of custody). >>> >>> [ ... ] >>> -- -------------------------------------------- MzK "Time spent with cats is never wasted." -- Sigmund Freud --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
