On 08/13/2016 09:46 AM, Marcus wrote: > Am 08/13/2016 06:24 PM, schrieb Kay Schenk: >> >> On 08/13/2016 07:00 AM, Marcus wrote: >>> Here are my tests: >>> >>> Linux 32-bit: >>> >>> - ZIP file is OK and can be uncompressed >>> - MD5, SHA1 are OK [1] >>> - ZIP ASC is OK (signature from Kay Schenk) >>> - Library ASC is OK (signature from Ariel Constenla-Haile) >>> >>> Linux 64-bit: >>> >>> - ZIP file is OK and can be uncompressed >>> - MD5, SHA1 are OK [1] >>> - ZIP ASC is OK (signature from Kay Schenk) >>> - Library ASC is OK (signature from Ariel Constenla-Haile) >>> >>> Mac OSX: >>> >>> - ZIP file is OK and can be uncompressed >>> - MD5, SHA1 are OK [1] >>> - ZIP ASC is OK (signature from Kay Schenk) >>> - Library ASC is OK (signature from Ariel Constenla-Haile) >>> >>> However, after rewriting the files (of course without to modify the hash >>> values itself) the comparsion was OK. >>> >>> @Kay: >>> I've uploaded the sha256 hash files as suggested. >> >> YAY! Good job! >> >> Do you mind when I >>> overwrite the other hash files with the ones I've created? Then all have >>> the same format. >> >> No, go right ahead. With the openssl with digest options, this is how >> they got formatted. > > OK, done > >>> Furthermore, I've read the Readme's for Linux [2] and Mac. As I didn't >>> wanted to simply overwrite your work, I've attached the modified >>> versions. So, you can review them first or I can overwrite them if you >>> don't mind. >> >> I assumed this part -- >> >> "Download the hotfix ZIP file to a location on your PC where it can be >> used and its content extracted. >> >> Example: >> User Jane downloaded and extracted the hotfix ZIP file from her browser >> window and saved it in a folder called "Downloads". The full path is: >> >> /home/jane/Downloads" >> >> would be on the hotfix page itself so not needed as part of the actual >> instructions. The rest of the changes look fine. > > OK, but when we keep the Readme's also outside of the ZIP files it could > make sense to keep this text part. > > Otherwise I can delete the part and just upload the Readme's. > > Marcus > >
OK, upload this new version of README to be outside the zip. Otherwise, we need to redo the zips, recompute checksums etc. Thanks again for re-doing the checksums. > >>> [1] The files are not well formatted for the "md5sum" and "sha1sum" >>> commands. They need the following format: >>> >>> <hash value><space><space><file name> >>> >>> [2] The Readmes for Linux 32-bit and 64-bit are the same. I've just >>> attached the one for 32-bit. >>> >>> Marcus >>> >>> >>> >>> Am 08/12/2016 06:21 PM, schrieb Kay Schenk: >>>> On Thu, Aug 11, 2016 at 3:27 PM, Marcus<marcus.m...@wtnet.de> wrote: >>>> >>>>> Am 08/11/2016 09:50 PM, schrieb Kay sch...@apache.org: >>>>> >>>>>> >>>>>> On 08/09/2016 02:12 PM, Kay Schenk wrote: >>>>>> >>>>>>> [top posting] >>>>>>> I'm in the process of trying to "sync" instructions for Linux32, >>>>>>> Linux64, and MacOSX at the moment. As far as instructions on the >>>>>>> actual >>>>>>> HOTFIX page, we need to have just a "general" instruction for ALL >>>>>>> zips >>>>>>> that simply says -- "Unzip this package to some folder of your >>>>>>> choosing >>>>>>> and read the README that's included." Everything else should be >>>>>>> in the >>>>>>> various READMEs for each platform. >>>>>>> >>>>>>> I should be done with all edits by this evening for a final review >>>>>>> before zipping and signing. >>>>>>> >>>>>> >>>>>> Ok, I've now moved on to creating zip files, etc for Linux32, Linux64 >>>>>> and Mac. >>>>>> >>>>>> My openssl version on does NOT supply digest sha256. Is it OK to use >>>>>> sha1? MD5 already computed for each of these. >>>>>> >>>>> >>>>> I like to have it consistent for all platforms. Therefore I'll >>>>> check the >>>>> ZIPs and deliver the sha256 hash files. >>>>> >>>>> Marcus >>>> >>>> >>>> Thanks a bunch Marcus! >>>> >>>> >>>> >>>>> >>>>> >>>>> >>>>> >>>>> On 08/05/2016 09:28 AM, Dennis E. Hamilton wrote: >>>>>>> >>>>>>>> Branching off the part that is not about the Windows 4.1.2-patch1 >>>>>>>> [TESTING]. >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>>> From: Marcus [mailto:marcus.m...@wtnet.de] >>>>>>>>> Sent: Thursday, August 4, 2016 15:52 >>>>>>>>> To: dev@openoffice.apache.org >>>>>>>>> Subject: Re: [TESTING] Applying openoffice-4.1.2-patch1 for >>>>>>>>> Windows >>>>>>>>> >>>>>>>>> Am 08/05/2016 12:26 AM, schrieb Kay Schenk: >>>>>>>>> >>>>>>>> [ ... ] >>>>>>>> >>>>>>>>> >>>>>>>>>> hmmm...well no zips for Mac, Linux32, or Linux 64 -- yet. >>>>>>>>>> >>>>>>>>>> Should we get started on these? >>>>>>>>>> >>>>>>>>> >>>>>>>>> it depends what we want that they should contain. The ZIP file for >>>>>>>>> Windows contains a LICENSE and NOTICE file as well as an ASC file >>>>>>>>> for >>>>>>>>> the DLL. As it is only a patch IMHO we don't need to provide >>>>>>>>> another >>>>>>>>> LICENSE and NOTICE file which is already available in the >>>>>>>>> OpenOffice >>>>>>>>> installation. Also the ASC is not necessary as we provide it >>>>>>>>> already >>>>>>>>> (together with MD5 and SHA256) for the whole ZIP file. >>>>>>>>> >>>>>>>> [orcmid] >>>>>>>> >>>>>>>> I think there is a misunderstanding. Two matters: >>>>>>>> >>>>>>>> 1. The use of LICENSE is required by the ALv2 itself, and >>>>>>>> the ASF >>>>>>>> practice is to include NOTICE as well on binary distributions. >>>>>>>> The patch >>>>>>>> qualifies, especially when it is moved to general distribution. >>>>>>>> It is also >>>>>>>> easy and harmless to provide. >>>>>>>> >>>>>>>> 2. The reason for preserving the .asc on the shared-library >>>>>>>> binary is >>>>>>>> because it authenticates with respect to who produced it and >>>>>>>> establishes >>>>>>>> that it has not been modified as supplied in the package (or as >>>>>>>> the result >>>>>>>> of some glitch in creation of the Zip). It provides a level of >>>>>>>> accountability and, also, auditability. >>>>>>>> >>>>>>>> Even though few people will check all of these, they remain >>>>>>>> possible to >>>>>>>> be checked. Since this is a matter of security vulnerabilities and >>>>>>>> involves elevation of privilege to perform, I believe it is >>>>>>>> important to >>>>>>>> demonstrate diligence and care, so that users have confidence in >>>>>>>> this >>>>>>>> procedure to the extent they are comfortable. Also, if it becomes >>>>>>>> necessary to troubleshoot a problem with these patch applications, >>>>>>>> we have >>>>>>>> the means to authenticate what they are using to ensure there >>>>>>>> are no >>>>>>>> counterfeits being offered to users. >>>>>>>> >>>>>>>>> >>>>>>>>> That means that only the README and library file remains. >>>>>>>>> >>>>>>>>> When the README for Windows keep its length then I don't want to >>>>>>>>> copy >>>>>>>>> this on the dowload webpage. ;-) >>>>>>>>> >>>>>>>>> So, when we put the README for all platforms in their ZIP files >>>>>>>>> then we >>>>>>>>> can just put a pointer to it on the download webpage and thats it. >>>>>>>>> >>>>>>>> [orcmid] >>>>>>>> >>>>>>>> Yes, that seems like a fine idea. The README can be linked the >>>>>>>> same >>>>>>>> way the .md5, .sha256, and .asc are linked. >>>>>>>> >>>>>>>> Also, the README may become simpler if we can link to some of the >>>>>>>> information and not have so much detail in the README text >>>>>>>> itself. It >>>>>>>> might even be useful to have an .html README for that matter. But >>>>>>>> that is >>>>>>>> all extra. Right now I think we want to get into the testing and >>>>>>>> see how >>>>>>>> to smooth what we have. >>>>>>>> >>>>>>>> PS: A friend of mine is looking into the MacOSX situation. He >>>>>>>> points >>>>>>>> out that one can use the Finder to do the job without users having >>>>>>>> to use >>>>>>>> Terminal sessions. I don't have further information at this time. >>>>>>>> >>>>>>>> PPS: The inclusion of scripts that do the job is also worthy of >>>>>>>> consideration, perhaps making it unnecessary to build >>>>>>>> executables. I will >>>>>>>> be looking at finding a .bat file that works safely for the >>>>>>>> Windows case. >>>>>>>> That can make the instructions much shorter :). >>>>>>>> >>>>>>>> >>>>>>>>> To cut a long story short: >>>>>>>>> I would say yes for a ZIP file for every platform. >>>>>>>>> >>>>>>>> [ ... ] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > -- -------------------------------------------- MzK "Time spent with cats is never wasted." -- Sigmund Freud --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
