On 21/01/2007, at 11:28 AM, Caio Tiago Oliveira wrote:
The bug is of the JRE, so it can happen in any program that uses it. But for being exploited the user would have to open a infected file.Since we distribute the JRE 5 update 9 in some builds, we could post a notice, but it's up to the security team, not QA:<http://www.openoffice.org/security/>
I suppose we can simply say "it's not our problem as QA", but I personally am quite worried about the lack of information on the security page above. The latest advisory is dated June last year, and the last two security problems affecting OpenOffice.org are not mentioned at all.
This affects our users, and it affects and their perception of OpenOffice.org. Surely I am not the only member of the QA team who is bothered by this?
Regardless of our sub-project(s) within OpenOffice.org, sloppy security makes us all look bad.
from Clytie (vi-VN, Vietnamese free-software translation team / nhóm Việt hóa phần mềm tự do)
http://groups-beta.google.com/group/vi-VN
PGP.sig
Description: This is a digitally signed message part
