Am 14.05.21 um 10:19 schrieb Matthias Seidel:
Hi Arrigo,
Am 14.05.21 um 07:27 schrieb Arrigo Marchiori:
Hello Carl, all,
On Thu, May 13, 2021 at 07:23:16PM -0400, Carl Marcum wrote:
[...]
Hopefully we can collect the exceptions in the BZ issue noted in this thread
and then agree on the direction.
The few I see so far are:
1. in-document links beginning with #.
2. .uno:XXX links
3. Links to local files.
I think all 3 are candidates but that's just me.
@Arrigo, were you planning on a PR for AOO41X ?
If not, I can try at least some of it but again I'm not really a C++ guy yet
:)
I suggest we make up our minds on the intended solution first, and
then start coding it. We have seen some interesting proposals, some of
which were quite complex (adding configuration settings, dialogs etc).
The three categories listed above would be candidates for
whitelisting, and this would be the quickest fix. But someone fluent
in UNO should first ensure all of us that no.2 is not going to reopen
any other backdoors!
Maybe this topic is worth a discussion with vote, the Apache way? So
we get our roadmap fixed.
There is also the suggestion (Dave's maybe?) that we add the 3
security levels (that are already in the code) for links to the UI
settings and let the user lock it down or open it up from where it is
now.
Yes, I was referring to this and to Peter's ideas.
Yes, but that will only work for trunk/AOO42X since we need to update
the translations too.
I agree, but how many 4.1.X versions do we want to publish before 4.2.0?
Now that we support two digits, please let us not point to 4.1.99 ! ;-)
As "soon" as all Release Blocker are fixed we can release 4.2.0 ;-)
yes, the goal is easy but to reach it that is the challenge.
Marcus
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
