Am 10.05.21 um 20:49 schrieb Marcus: > Am 06.05.21 um 15:50 schrieb Matthias Seidel: >> Am 06.05.21 um 15:08 schrieb Jim Jagielski: >>> Once we tag HEAD of AOO41X to AOO4110 >> >> Can't wait! ;-) >> >> I have dozens of commits to be backported to AOO41X... > > @Jim: > Can you please create the release tag from the 41X branch? Then we can > close the relase schedule for 4.1.10.
+1 Can we move on? Matthias > > Thanksa > > Marcus > > > >>>> On May 6, 2021, at 8:28 AM, Matthias Seidel >>>> <matthias.sei...@hamburg.de> wrote: >>>> >>>> Hi all, >>>> >>>> Just a pragmatic question: >>>> >>>> When do we want to start working on AOO 4.1.11? >>>> >>>> The sooner we branch it, the sooner we can do Test builds and let >>>> people >>>> see if their problem is fixed... >>>> >>>> Matthias >>>> >>>> Am 05.05.21 um 23:31 schrieb Peter Kovacs: >>>>> On 05.05.21 22:11, Arrigo Marchiori wrote: >>>>>> Hello Peter, all, >>>>>> >>>>>> On Wed, May 05, 2021 at 05:44:17PM +0000, Peter Kovacs wrote: >>>>>> >>>>>>> On 05.05.21 14:37, Arrigo Marchiori wrote: >>>>>>>> Hello, >>>>>>>> >>>>>>>> On Wed, May 05, 2021 at 07:08:11AM +0000, Peter Kovacs wrote: >>>>>>>> >>>>>>>>> The best approach I believe is to add a whitelist feature as for >>>>>>>>> macro >>>>>>>>> files. >>>>>>>>> >>>>>>>>> Users can add then the links they wish to approve. >>>>>>>> Do you mean file-based whitelists instead of target-based? >>>>>>>> >>>>>>>> I will try to explain myself better: the current filter on AOO >>>>>>>> 4.1.10 >>>>>>>> is target-based, because it is the target of the link that >>>>>>>> triggers >>>>>>>> the warning. Are you suggesting to add a whitelist based on >>>>>>>> files, for >>>>>>>> example "allow any links in documents from this directory"? >>>>>>>> >>>>>>>> If so, would you use the same whitelist as for macros, or would >>>>>>>> you >>>>>>>> introduce another one? >>>>>>> I do not think that it makes sense to allow >>>>>>> https://my.payload.crime/AOO_diskscrambler.ods to be seen as save >>>>>>> target for >>>>>>> opening and macro execution at the same time. >>>>>>> >>>>>>> Better is to have both separated. And the simple practicable >>>>>>> solution is to >>>>>>> just add an own list which allows targets to be listed. >>>>>> I see. But please let us distinguish targets and sources. >>>>> Well, yea this is a nice abstraction I did not make. Good one. >>>>>> The macros' whitelist contains _directories_ (I don't really like >>>>>> calling them folders, I hope you don't mind) whose files are >>>>>> trusted, >>>>>> with respect to macro execution. >>>>> sure. Names are sound and smoke ;) - sorry can not resist this german >>>>> IT idiom. >>>>>> In your reply above you seem to discuss a whitelist of _link >>>>>> targets_? >>>>>> Not documents, containing links that shall always be followed? >>>>> Yes, I thought on the target of the link. For me was this the >>>>> important trait. >>>>> >>>>> However if I think in which document I grant the security level. Hmm, >>>>> I think this makes the whole concept a lot easier. >>>>> >>>>> Plus we would then one list. So we extend an existing feature. >>>>> >>>>>>> If we would want to have a vision, where we should develop to, this >>>>>>> would be >>>>>>> mine: >>>>>>> >>>>>>> We have One list and 2 properties. 1 property for hyperlink >>>>>>> whitelisting, >>>>>>> the other one for (macro) execution. I like our 4 security stages. >>>>>> The four security levels currently available for macros, if I >>>>>> understand correctly, are based on a combination of: >>>>>> >>>>>> - digital signatures of the macros (signed or not), >>>>>> - trust of certain digital signatures (certificate trusted or >>>>>> not), >>>>>> - position of the document (directory whitelisted or not). >>>>>> >>>>>> This is... quite complex IMHO. >>>>> That why I have written it is maybe a vision. And maybe it is to >>>>> much. >>>>>> Did you refer exactly to this model? >>>>> yes kind of. I thought that a hyperlink has some sort of certiicate >>>>> and an macro can have some certification and that is kind of the same >>>>> thing... >>>>>> Or >>>>>> shall we rather adopt a simpler one for links, for example only >>>>>> considering the directories whitelist? >>>>> Now that I think on your approach I think we should only look at the >>>>> directory that the document has been opened from. But still I would >>>>> still rather configure it per directory, then in a general and work >>>>> with exclusions. >>>>> >>>>> However this is maybe not so smart to implement now, since our >>>>> profile >>>>> is not robust enough. It will break eventually, and then all nice >>>>> settings are lost. And that is not something I would like to have. >>>>> >>>>>> And to understand better: does AOO allow to sign individual >>>>>> macros? Or >>>>>> just the document containing them? I don't think that it allows to >>>>>> sign individual links within a document. >>>>> No it would not sign individual links on the document.- But don't we >>>>> have document signing? >>>>> >>>>> For links we could check if the document is signed. >>>>> >>>>> >>>>> So summing up: >>>>> >>>>> # Instead of checking where the hyperlink is refering to, only check >>>>> where the document has been stored. (Treat hyperlinks as macros so to >>>>> say.) >>>>> >>>>> # As an enhancement we could add a model that checks for the nearest >>>>> applicable path to the document, and applies that rule. >>>>> >>>>>>> Example for a customized setup on a POSIX filesystem (security >>>>>>> level >>>>>>> 3 = >>>>>>> very high and 0 = low; first value is hyperlink, second value is >>>>>>> macro >>>>>>> execution of this origin): >>>>>>> >>>>>>> /tmp (3,3) => Everything in the temp folder does not open links or >>>>>>> execute >>>>>>> macros >>>>>>> >>>>>>> ~/ (2,2) => something that is within the home path, but not a >>>>>>> folder >>>>>>> listed >>>>>>> below, may execute signed macros or open targets that have a >>>>>>> trusted >>>>>>> certificate >>>>>>> >>>>>>> ~/Downloads (2,3) => Downloads may open Links with a trusted >>>>>>> certificate but >>>>>>> not allow to execute any macros >>>>>>> >>>>>>> ~/onlymystuff (0,0) => this is my documents and I allow everything >>>>>>> possible >>>>>>> here. >>>>>>> >>>>>>> ~/macro_examples (3,1) => delivered example I do not want them to >>>>>>> execute, >>>>>>> but they may be not linked by another document. >>>>>>> >>>>>>> ftps://securecontent.org ( 2,2) => this links pointing to this >>>>>>> target are >>>>>>> opened, and the downloaded file may execute macros if they are >>>>>>> signed with a >>>>>>> trusted key. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org > >
smime.p7s
Description: S/MIME Cryptographic Signature