Re: Remove NSS from xmlsecurity - alternatives?

2016-01-22 Thread Kay Schenk
On 01/21/2016 04:27 PM, Damjan Jovanovic wrote: > On Thu, Jan 21, 2016 at 11:53 PM, Kay Schenk wrote: > >> >> >> On 01/21/2016 10:04 AM, Damjan Jovanovic wrote: >>> On Thu, Jan 21, 2016 at 7:29 PM, Kay Schenk >> wrote: >>> On

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-21 Thread Kay Schenk
On 01/16/2016 05:25 AM, Damjan Jovanovic wrote: > On Sat, Jan 16, 2016 at 12:16 AM, Kay Schenk wrote: > >> >> On 01/15/2016 12:18 AM, Damjan Jovanovic wrote: >>> Hi >>> >>> I believe we now have enough evidence that a serious issue, #125431, >> where >>> AOO lies that the

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-21 Thread Damjan Jovanovic
On Thu, Jan 21, 2016 at 7:29 PM, Kay Schenk wrote: > > > On 01/16/2016 05:25 AM, Damjan Jovanovic wrote: > > On Sat, Jan 16, 2016 at 12:16 AM, Kay Schenk > wrote: > > > >> > >> On 01/15/2016 12:18 AM, Damjan Jovanovic wrote: > >>> Hi > >>> > >>> I

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-21 Thread Kay Schenk
On 01/21/2016 10:04 AM, Damjan Jovanovic wrote: > On Thu, Jan 21, 2016 at 7:29 PM, Kay Schenk wrote: > >> >> >> On 01/16/2016 05:25 AM, Damjan Jovanovic wrote: >>> On Sat, Jan 16, 2016 at 12:16 AM, Kay Schenk >> wrote: >>> On 01/15/2016

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-21 Thread Damjan Jovanovic
On Thu, Jan 21, 2016 at 11:53 PM, Kay Schenk wrote: > > > On 01/21/2016 10:04 AM, Damjan Jovanovic wrote: > > On Thu, Jan 21, 2016 at 7:29 PM, Kay Schenk > wrote: > > > >> > >> > >> On 01/16/2016 05:25 AM, Damjan Jovanovic wrote: > >>> On Sat, Jan 16,

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-16 Thread Damjan Jovanovic
On Sat, Jan 16, 2016 at 12:16 AM, Kay Schenk wrote: > > On 01/15/2016 12:18 AM, Damjan Jovanovic wrote: > > Hi > > > > I believe we now have enough evidence that a serious issue, #125431, > where > > AOO lies that the password for encrypted files is wrong when it isn't, is

RE: Remove NSS from xmlsecurity - alternatives?

2016-01-16 Thread Dennis E. Hamilton
solution. This does not seem to be the kind of problem to hold back to a feature release. - Dennis > -Original Message- > From: Damjan Jovanovic [mailto:dam...@apache.org] > Sent: Saturday, January 16, 2016 05:26 > To: Apache OO <dev@openoffice.apache.org> > Subject

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-15 Thread Pedro Giffuni
Hi Damjan and list; No idea if this is what you are looking for but it is interesting nevertheless: https://www.bouncycastle.org/java.html Cheers, Pedro. - To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For

Re: Remove NSS from xmlsecurity - alternatives?

2016-01-15 Thread Kay Schenk
On 01/15/2016 12:18 AM, Damjan Jovanovic wrote: > Hi > > I believe we now have enough evidence that a serious issue, #125431, where > AOO lies that the password for encrypted files is wrong when it isn't, is > caused by a failure in NSS: > * deliberately corrupting the Mozilla profile reproduces

Remove NSS from xmlsecurity - alternatives?

2016-01-15 Thread Damjan Jovanovic
Hi I believe we now have enough evidence that a serious issue, #125431, where AOO lies that the password for encrypted files is wrong when it isn't, is caused by a failure in NSS: * deliberately corrupting the Mozilla profile reproduces the issue on all operating systems * a patch I've written