On Nov 24, 2011, at 12:17 PM, "Dennis E. Hamilton" <[email protected]> wrote:
> Three concerns, in addition to the ones Gianluca expressed already: > > 1. The extensions.services.openoffice.org site is not working reliably and is > not operated by ASF. Any in-product access to the site has to work well and > deal with unavailability. > Do you have a proposal? > 2. I repeat my security concern over the increase of the product attack > surface when such downloading and installation is done internal to operation > of the product or its installer (which may already require elevated > privileges) without coming up with stronger means for authenticating > extension downloads. (The dictionary case is for data, so that is not quite > so scary. Authentication still matters.) > Do you have a proposal? > 3. Any automatic update mechanism is a further concern. > Do you have a proposal? > A security review activity is apparently missing from the development and > feature-decision process. That is not going to serve us well considering > that this is a consumer product directed toward non-expert and household > users. It must be assumed that our turn will come. > Do you have a proposal? > -----Original Message----- > From: Andre Fischer [mailto:[email protected]] > Sent: Thursday, November 24, 2011 05:29 > To: [email protected] > Subject: Re: GPL'd dictionaries (was Re: ftp.services.openoffice.org?) > > Hi all, > > The last open item on the IP clearance wiki page is the removal of the > dictionary module from the AOO source code. In order to provide a > developer build in the near future that does not contain category-x > licensed code we need a short term solution. > > The central question is if we have to really remove the dictionaries at > all. I did not see a definitive answer, so to be on the safe side I > assume that the dictionary module should be removed. > > This leaves the question of a replacement. One relatively straight > forward way seems to be to use the extensions that can be found at > http://extensions.services.openoffice.org/en/dictionaries. Two ways of > using these extensions come to (my) mind: > > A. Download the extension (assuming that the right locale can be > detected) automatically from the extension repository during installation. > > B. As last step of the installation, pop up a web page that, among other > things, tells the user that there is a dictionary extension that can be > installed and what its license is. > > Variant A has the better usability but may not be acceptable from a > legal view. > > Variant B would allow to display additional information and could offer > other (dictionary) extensions as well but would require more work to be > implemented. > > One problem with both variants is that > extensions.services.openoffice.org already seems to have load problems. > When everybody who installs Apache OpenOffice has to access this > server then its load would increase dramatically with a new release. > > > Unless there are objections I will remove the dictionary module now, to > clear the way for a category-x free developer build (or whatever its > name should be). > > For the 3.4 release we have to decide on and implement a replacement. > > Best regards, > Andre >
