Hi Arrigo,

Am 14.05.21 um 07:27 schrieb Arrigo Marchiori:
> Hello Carl, all,
> On Thu, May 13, 2021 at 07:23:16PM -0400, Carl Marcum wrote:
> [...]
>> Hopefully we can collect the exceptions in the BZ issue noted in this thread
>> and then agree on the direction.
>> The few I see so far are:
>> 1. in-document links beginning with #.
>> 2. .uno:XXX links
>> 3. Links to local files.
>> I think all 3 are candidates but that's just me.
>> @Arrigo, were you planning on a PR for AOO41X ?
>> If not, I can try at least some of it but again I'm not really a C++ guy yet
>> :)
> I suggest we make up our minds on the intended solution first, and
> then start coding it. We have seen some interesting proposals, some of
> which were quite complex (adding configuration settings, dialogs etc).
> The three categories listed above would be candidates for
> whitelisting, and this would be the quickest fix. But someone fluent
> in UNO should first ensure all of us that no.2 is not going to reopen
> any other backdoors!
> Maybe this topic is worth a discussion with vote, the Apache way? So
> we get our roadmap fixed.
>>>> There is also the suggestion (Dave's maybe?) that we add the 3
>>>> security levels (that are already in the code) for links to the UI
>>>> settings and let the user lock it down or open it up from where it is
>>>> now.
> Yes, I was referring to this and to Peter's ideas.
>>> Yes, but that will only work for trunk/AOO42X since we need to update
>>> the translations too.
> I agree, but how many 4.1.X versions do we want to publish before 4.2.0?
> Now that we support two digits, please let us not point to 4.1.99 ! ;-)

As "soon" as all Release Blocker are fixed we can release 4.2.0 ;-)



> Best regards,

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to