Re: A free project does not need distorting propaganda

2021-08-18 Thread Simon Phipps
Hi!

On Wed, Aug 18, 2021 at 9:38 PM Jörg Schmidt  wrote:

>
> Any claim that a continuous code base down to StarWriter for DOS could
> exist is technically and factually absurd, because there is no technical
> continuation of the DOS code base of Starwriter and also the code base at
> the transition from StarOffice 5.x to StarOffice 6.0/OOo 1.0.0 was renewed
> by SUN Microsystems so seriously that factually there is no continuity of
> e.g. API or file format.
>

The code demonstrably has starting points that are 30 years old as stated.
For example, see /main/tools/source/generic/gen.cxx

which includes plenty of code from the early 90s, including the various
methods for Rectangle created 19.03.90 by Thomas Hosemann at and after line
312.

Apache OpenOffice and LibreOffice have a heritage that demonstrably
stretches past their inception, past the inception of their predecessor
OpenOffice.org, back 30+ years of continuously-improved source code,
arguably right back to the Z80 code Marco wrote in 1985 (although that is
not claimed here).  Even with outdated code and comments removed (as has
largely happened in LibreOffice) we still have a Ship of Theseus situation.
The statement for FrOSCon seems perfectly sound to me.

Cheers

Simon


Re: A free project does not need distorting propaganda

2021-08-18 Thread Simon Phipps
Hi!

On Wed, Aug 18, 2021 at 8:46 PM Jörg Schmidt  wrote:

> Hello,
>
> to my dismay I read, from a PMC member, on users...@openoffice.apache.org
> that they are trying to mix up our free OpenOffice with the former
> proprietary StarWriter. Obviously purely for the sake of show and obviously
> also in ignorance of the facts.
>
> As someone who has been volunteering in the OO project (OOo and AOO) for
> 15 years, I want to make my opinion clear:
> We have such propaganda not necessary, but us by honest work on a free
> software, since OOo 1.0.0, is completely sufficient.
> Personally I would like to make clear that such a kind of profiling by
> propaganda, will not be supported by me, neither now nor in the future.
>
>
> I hereby ask to remove the distorting statement from the page
> https://live.froscon.de/partner/openoffice again.
>

Can you be more detailed what problem you see please? I visited the page
and I can't see an obvious error of a nature to cause such dismay.

Cheers

Simon
(involved in OO.o and its progeny for 21 years)


Re: [discussion] use of https://downloads.apache.org/ as a download page

2021-05-02 Thread Simon Phipps
On Sun, May 2, 2021 at 11:38 AM Peter Kovacs  wrote:

>
> So what do you think? Should we promote the alternate link with this
> release more publicly maybe on Forums and go for a transition to a
> different download policy?
>

Nice work, Peter. It's clearly preferable to have downloads under Apache
direct control so yes.

S.


Re: [Consensus Building] What we should do now (was: [lazy consensus] ... Big Sur)

2020-12-28 Thread Simon Phipps
On Mon, Dec 28, 2020 at 1:13 PM Peter Kovacs  wrote:

>
> On 28.12.20 13:17, Jim Jagielski wrote:
> > Playing devil's advocate here: does it make sense to actually post a blog
> > article about this and then, maybe a week later, have the article
> > moot with the actual release?
>
> Yes I think it is worth it and we should train to do such things more
> often.
>
> First of all we prepare our community on the patch. It will be the first
> time that we tell them what we did and why.
>
> The second benefitial point is we will set a expectation. Currently it
> is still fuzzy one, but people will be looking for an update more
> frequently, so if we deliver a week later that would be awesome.
>
> On third:  In the blogpost is we invite for testing. So maybe m,ore
> people will show up to look at the Release Candidate.
>
> My last pro argument is we need also to link other channels to the blog
> post. On facebook it takes some days untill a post reaches the people.
>
> So in case we extend the range it would be great. Just as a reminder, we
> usually do not say anything, and people are used that the dev team works
> more behind the scene.
>

One more "pro" reason is SEO. By creating a blog post about the issue -
preferably quoting the error message the user sees as that's what they are
likely to type into the search box - search engines are more likely to
direct users to the project's explanation than to other locations.

S.


Re: Writer and .docx

2020-10-16 Thread Simon Phipps
On Fri, Oct 16, 2020 at 12:26 PM Joost Andrae  wrote:

> regarding the documentliberation stuff:
> I know some of those filters for a longer time. AFAIK these where
> implementations from one of the Novell guys (Fridrich Strba as far as I
> remember; see http://fridrich.blogspot.com/ )
>

Yes, DLP is his project.

S.


Re: Writer and .docx

2020-10-16 Thread Simon Phipps
Hi Joost!

On Fri, Oct 16, 2020 at 11:49 AM Joost Andrae  wrote:

> Hi Simon,
>
> it's an honor to me to see a sign of life of you here. Welcome !
>

I've been a relatively active member here from the beginning!

Instead of user picking here to get users leave from AOO to LO a
> developer could create a Java based OOo/LO extension that uses Apache
> POI to export OpenDocument type documents to MSXML formats by using the
> binary MSO export to export those documents to the MSXML format in
> between. Or maybe it's possible to XSL this document format by using
> OpenOffice together with Apache POI. Using XSL scripts (in AOO menu item
> XML filter settings) to make document conversions is possible within OOo.
>

That sounds an interesting new user feature. Rather than only using POI, a
pluggable approach that could also use libraries from the Document
Liberation Project https://www.documentliberation.org/ would be excellent.

Cheers,

Simon


Re: Writer and .docx

2020-10-16 Thread Simon Phipps
Hi!  As Peter said, it seems unlikely this branch of OpenOffice.org will be
enhanced with the ability to write .DOCX format. However, another branch
has added this capability and offers all the other convenient options you
mention as well. You can get it from our "sister" community at
https://libreoffice.org/download

Cheers

Simon

On Fri, Oct 16, 2020 at 8:44 AM Наталья Василенко 
wrote:

> Hello! I would like to know is there any hope that users can save
> documents in Writer in .docx format? In the latest version of your
> OpenOffice users can open documents in .docx format, but they cannot save
> in that format. I think it is not comfortable for many users with the fact
> that your product is very convenient in other options.
> Could this feature be enabled in later versions of your product?
>
> Thank you for your response.
>


Re: How to join Docs team

2020-04-01 Thread Simon Phipps
On Wed, Apr 1, 2020 at 5:32 PM Jörg Schmidt  wrote:

> Hello,
>
> > From: bmcs [mailto:b...@apache.org]
> > Authors to ODF Authors. The idea being that it would be one of the few
> > shared areas where AOO and LO could work cooperatively
> > together
>
> I don't believe that at that time, after all the slander and lies on the
> part of LO, against AOO, cooperation was still possible!
>
> It should never be forgotten how the highest representatives of our
> project (for example Rob Weir) were publicly insulted by TDF members.
>

Seriously, can we let it go please? This sort of posting creates a hostile
environment that discourages participation.

S.


Re: Fwd: Re: Are you still looking for excellent English speaker volunteers for OpenOffice ?

2019-11-30 Thread Simon Phipps
On Sat, Nov 30, 2019 at 8:55 AM M. A. Hook  wrote:

>
>  as M$ is taking over
> LibreOffice and already has their program dependent upon some of
> Windows' parts.
>

This is not a true statement and I'd encourage you not to repeat it.

S.


Re: PMC Chair

2019-11-22 Thread Simon Phipps
Hi Peter - Thanks for the update and also for your service as PMC Chair all
this time! You definitely deserve a break!

(FWIW, I asked not as a criticism but because previous chair rotations were
discussed here (as far as I remember!) and I wondered why this one was done
privately.)

Cheers,

Simon

On Fri, Nov 22, 2019 at 4:50 PM Peter Kovacs  wrote:

> Hello everybody,
>
> I am not speaking for the PMC, but for myself and from my personal view.
> I joined the Project in 2016. It has been my became Chairman in end of
> 2017. As unexperienced as I have been it was the best move for me to go
> into.
> It have been an exiting and educating 2 year period as Chairman. Since the
> PMC has decided we want to change the chair on regular bases and often I
> fought for my availability until very late in this year.
> But now I am relieved that I can relax a little from the mails.
>
>  I announced early on private to give everyone on the PMC enough time to
> think his or her availability through. After all it is a free choice to
> stand up for this.
>
> The Chairman is in my eyes a sort of envoy between
> ASF and PMC. I would not make much of a Fuzz about the change. This is
> less important then the title implies.
> I hope we can convince someone else to step up for 2021. Maybe again a
> fresh face from the none ASF Members on the PMC. That would be super cool.
>
> I want to focus next year my time more on project building topics and on
> development. So this is not to be seen as a stepping down. I would title it
> more as a position shift. And I am very happy to know Jim will be on the
> watch @board. I have no doubts that Jim is a good choice.
>
> I hope this extensive comment is helping everyone. If you have more I am
> happy to answer them here on @dev. Just have some patience since due to the
> shift I will maybe slower on answers.
>
>
> Have fun
> Peter
>
>
>


Re: PMC Chair

2019-11-22 Thread Simon Phipps
On Thu, 21 Nov 2019, 21:48 Patricia Shanahan,  wrote:

> One of the resolutions passed at the last board meeting was:
>
> "Change the Apache OpenOffice Project Chair (Jim Jagielski, VP)"
>
> Jim,
>
> I don't know whether congratulation or commiseration is more
> appropriate, so you get whichever you prefer from me.
>

Likewise!

I'm slightly surprised this was decided in September but only just became
public. Can the PMC comment please?

S.

>


Re: CVE-2018-10583

2019-09-30 Thread Simon Phipps
On Sun, Sep 29, 2019 at 7:40 PM Marcus  wrote:

> Am 28.09.19 um 18:19 schrieb Bidouille:
> > Last build 4.1.7 is it safe with this vulnerability?
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10583
>
> we don't talk about such kind of issues in the public. Please use the
> offical security channel for this.
>

While that's true for embargoed CVEs, this one has been public since
February and it seems entirely reasonable to ask if it has been addressed
in the most recent release.

S.


Re: FOSDEM dinner invitation

2018-02-03 Thread Simon Phipps
Peter Kovacs and I are signed up. I'll be late so you are welcome to go as
me and I'll persuade the team to let me in later!

S.

On 3 Feb 2018 11:07, "Gavin McDonald" <ga...@16degrees.com.au> wrote:

> This is today/tonight?
>
> Is anybody from  OpenOffice going ? It sure would be nice.
>
> https://wiki.documentfoundation.org/Events/2018/FOSDEM#Social_Dinner <
> https://wiki.documentfoundation.org/Events/2018/FOSDEM#Social_Dinner>
>
> Gav…
>
>
> > On 23 Jan 2018, at 4:07 am, Simon Phipps <si...@webmink.com> wrote:
> >
> > Just a reminder that everyone on this list is invited for dinner at
> FOSDEM
> > as below.  Cheers!
> >
> > On Fri, Jan 12, 2018 at 12:38 PM, Simon Phipps <si...@webmink.com>
> wrote:
> >
> >> Dear AOO developers,
> >>
> >> The board of directors of The Document Foundation have asked me to
> extend
> >> their invitation to join the LibreOffice developers for an informal
> dinner
> >> on the Saturday evening at FOSDEM (February 3rd, 8pm) in Brussels. If
> you
> >> would like to attend, please add your name and contact details to the
> wiki
> >> at https://wiki.documentfoundation.org/Events/2018/FOSDEM#Social_Dinner
> >> or contact me privately if you have any problems.
> >>
> >> Best regards,
> >>
> >> Simon
> >>
>
>


Re: FOSDEM dinner invitation

2018-01-22 Thread Simon Phipps
Just a reminder that everyone on this list is invited for dinner at FOSDEM
as below.  Cheers!

On Fri, Jan 12, 2018 at 12:38 PM, Simon Phipps <si...@webmink.com> wrote:

> Dear AOO developers,
>
> The board of directors of The Document Foundation have asked me to extend
> their invitation to join the LibreOffice developers for an informal dinner
> on the Saturday evening at FOSDEM (February 3rd, 8pm) in Brussels. If you
> would like to attend, please add your name and contact details to the wiki
> at https://wiki.documentfoundation.org/Events/2018/FOSDEM#Social_Dinner
> or contact me privately if you have any problems.
>
> Best regards,
>
> Simon
>


FOSDEM dinner invitation

2018-01-12 Thread Simon Phipps
Dear AOO developers,

The board of directors of The Document Foundation have asked me to extend
their invitation to join the LibreOffice developers for an informal dinner
on the Saturday evening at FOSDEM (February 3rd, 8pm) in Brussels. If you
would like to attend, please add your name and contact details to the wiki
at https://wiki.documentfoundation.org/Events/2018/FOSDEM#Social_Dinner or
contact me privately if you have any problems.

Best regards,

Simon


Re: Bugzilla

2017-05-21 Thread Simon Phipps
Jörg

On Sun, May 21, 2017 at 1:01 PM, Jörg Schmidt  wrote:
>
> Today the TDF is not independent, but depends on several companies,
> instead of one. These companies may also be very community-friendly, but
> again there is dependency and this dependency is actively exploited.
>

Please stop, this is poisonous. None of us who volunteer in both projects
recognise the description you (and you alone) keep giving of TDF and LO.
Repeating untrue statements like these over and over discourages
involvement by creating a hostile environment and promotes division. TDF
has moved on; it's time you did too.

Simon


Re: Old AOO referencing in Google

2017-05-11 Thread Simon Phipps
On Thu, May 11, 2017 at 9:29 PM, Marcus  wrote:
>
>
> the 404 is now gone.


But so is the usable table of downloads, which is completely lost. I
believe that is an unwelcome step backwards.

S.


Re: Old AOO referencing in Google

2017-05-11 Thread Simon Phipps
On Thu, May 11, 2017 at 8:04 PM, Hagar Delest 
wrote:

> Le 10/05/2017 à 23:21, Marcus a écrit :
>
> I've deleted the webpage that is mentioned in the result page the user has
>> posted in the screenshot. As soon as Google is re-indexing our website I
>> expect that this special webpage is recognized as deleted and therefore no
>> longer in the search results.
>>
> I agree with others that the page itself should be kept to allow the
> download of older versions.


It should be restored ASAP since at the moment it makes the download page
deliver a 404 when v3.4.1 is requested from the dropdown. I've no access
otherwise I'd do it now.


> But perhaps there are keywords that can be removed to lower the relevance
> for a search.
> Or perhaps increase the visibility of the archived & legacy versions
> (quite hidden as a last link at bottom of the additional resources section).


Indeed, that was what I meant by "not promoting". At a minimum the page
should have a prominent warning that the versions in the table are very
old, legacy versions with known security issues and should not be used
unless the user is fully aware of what they are doing. That way anyone
clicking through to it from a search result will be sufficiently warned. We
should just rely on SEO.

S.


Re: Old AOO referencing in Google

2017-05-10 Thread Simon Phipps
On Wed, May 10, 2017 at 11:29 PM, Marcus  wrote:


> Or choose the item "Older releases" if you need a way older version. Then
> you can get it - by clicking on the Archive link - from our archive.
>

Except you just deleted the page that the dropdown points to for v3.4.1 -
it just gave me a 404 error.

S.


Re: Old AOO referencing in Google

2017-05-10 Thread Simon Phipps
On Wed, May 10, 2017 at 10:21 PM, Marcus  wrote:

>
> However, it doesn't matter. There is no reason to provide download pages
> to offer outdated versions - based on w.oo.o. Of course we cannot influence
> what others are offering on their webpages.
>

I disagree. I and users I support have often had reason to download old
versions of software. The most common cause is because they are using an
outdated operating system they can't change for some reason, but sometimes
a feature or a bug of a given version is needed.

There's no need to promote them, but removing them is a mistake.

S.


Templates Site "Access Denied"

2017-02-22 Thread Simon Phipps
Hi all,

There have been a large number of reports on the Users mailing list of
people getting Access Denied messages when they attempt to access any of
the templates at http://templates.openoffice.org/ or
http://templates.services.openoffice.org/. This situation has been
previously reported here several times so I'm surfacing it as a clear
top-level thread.

I have been able to reproduce the error simply by visiting the site and
clicking on the name of any template, using an incognito Chrome window on
ChromeOS to ensure there are no statefulness issues.

I've no access to the site so can't investigate further. Can someone with
admin rights investigate please?

Best regards,

Simon


Re: Community building: give our User a chance to contribute!

2017-01-23 Thread Simon Phipps
On Mon, Jan 23, 2017 at 5:21 AM, Jörg Schmidt  wrote:

>
> > From: toki [mailto:toki.kant...@gmail.com]
>
> > * GoOo: The fork that wasn't.
>
> Oh, that was a fork! A fork against OpenOffice.
>

In fact Go-OO was started by Ximian in 2003, long before Novell bought
them, as a convenient build system for developers not working within Sun.
The difficulty of getting the Sun team to accept patches, and the
complexity of the Sun build system, meant that most developers external to
Sun used Go-OO as their repository.

There were indeed strong words spoken by many people (including me on Sun's
behalf) but for the most part Go-OO maintained its role as a downstream
convenience for non-Sun contributors and played a positive role developing
a developer community around the code. I think we would all be well served
by dropping the decade-old hostility to it at this point.

S.


Re: future of OpenOffice

2017-01-12 Thread Simon Phipps
Hi Dave, all.

On 12 Jan 2017 22:50, "Dave Fisher"  wrote:

Please correct the specific non Apache licenses if I get them wrong. As far
as I know the sequence of events is:


OpenOffice.org was originally dual licensed under LGPLv2 and SISSL (OSI
approved but now retired). With v3 we changed the license to LGPLv3 only.
When Oracle bought Sun, OO.o was licensed just under LGPLv3.

Oracle buys Sun including OpenOffice (closed license) and the open source
OpenOffice.org (GPL2).


At the time of purchase, the proprietary version was called "StarOffice";
Oracle changed the name of this proprietary version to Oracle Open Office.


TheDocumentFoundation forms and forks OpenOffice.org as LibreOffice under
GPL2


LibreOffice was only under LGPLv3 at this point as any other choice would
have required the copyright owner to relicense.  At some point (not sure
when) TDF requested contributions be made under both LGPLv3 and MPLv2 in
the hope of future relicensing, and invited Oracle to participate.

Oracle donates OpenOffice.org to the Apache Software Foundation relicensed
to AL2. Headers changed by an Oracle employee following ASF policy.


IBM donates OpenSymphony to the ASF relicensed to AL2. Headers changed by
an IBM employee following ASF policy.

The Document Foundation takes much of the Apache OpenOffice AL2 licensed
software and rebases LO on it. This allows integration of OpenSymphony
code. Completely permissible under the AL2. They re-did the license of all
the source as MPL2 changing the headers. Some think that this is shady
although permitted. In effect this prevents LO updates from being
contributed back to AOO.


I doubt TDF could have integrated all the contributions to LO it received
under LGPLv3 and MPLv2 any other way.


That is the sequence.

One could ask on LO lists why they did this, but all we know here is what
happens here.

Some say it is more fun to develop LO. Others like Patricia and I like the
benefits of consuming AL2 software as opposed to GPL. Certainly TDF likes
to consume AL2 software.


The license a community uses is an expression of its outlook and norms.
Apache and TDF have differing outlooks (although they have remarkably
similar governance) so it's no surprise their license choices differ as
well. I'd hesitate to declare either Apache or TDF's choices as better for
everything and consequently have advocated for both at various times.

Cheers,

S.
(speaking here only as an AOO community member)



Regards,
Dave

Sent from my iPhone

> On Jan 12, 2017, at 10:29 AM, Patricia Shanahan  wrote:
>
> Thanks for the correction.
>
>> On 1/12/2017 7:38 AM, Nagy Ákos wrote:
>> https://www.openoffice.org/licenses/lgpl_license.html
>> Based on this page, OpenOffice change the license from LGPLv3 to Apache
>> 2.0 only when Oracle donate the code to Apache Foundation in june 2011,
>> but LibreOffice was forked from OOo in september 2010.
>>
>> An article about this:
>> http://www.zdnet.com/article/what-the-heck-is-happening-with
-openoffice-update/
>>
>> 2017. 01. 12. 15:25 keltezéssel, Tsutomu Uchino írta:
>>> See this mail: http://legal-discuss.markmail.org/thread/mleqsm636zf5fqia
>>>
>>> 2017-01-12 6:18 GMT+09:00 Dave :
>>>
> On 11.01.2017 09:44, Patricia Shanahan wrote:
>> On 1/10/2017 11:29 PM, Nagy �kos wrote:
>> Hi,
>>
>> it is impossible, because the LO license is LGPL+MPL, that can't be
>> merged in OpenOffice.
> That choice of license was very unfortunate, and a regrettable barrier
> to cooperation between the projects. When LO split off they could have
> kept the Apache license and the potential for future cooperation.
 The first release of OOo v3 was under LGPLv3 per Louis Suarez-Potts:
 https://lwn.net/Articles/272202/

 In September 2010 LO forked from OOo and released LO 3.3 in January
2011
 under the same license.

 Around 6 months later in June 2011 Oracle donated the LGPLv3 code to
the
 ASF and AOO 3.4 was released in May 2012 under ALv2.

 In spite of a seemingly contradictory statement on the license page of
 the LO website, the above dates clearly show that LO code was forked
 from the original OOo code, not from the AOO code.

 Please let's not try to rewrite history.

 --
 Please address any reply to the mailing list only. Any messages sent to
 this noreply@ address are automatically deleted from the server and
will
 never be read.


 -
 To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
 For additional commands, e-mail: dev-h...@openoffice.apache.org


>>
>>
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
>> For additional commands, e-mail: dev-h...@openoffice.apache.org
>>
>
> 

Re: Request for Nofollow or Removal of Links to My Site at Openoffice

2016-09-25 Thread Simon Phipps
On Sun, Sep 25, 2016 at 4:54 PM, Patricia Shanahan  wrote:

> We do need to get control of templates.openoffice.org, either direct
> control or a SourceForge contact to whom we can pass this sort of request.


More than that, the site looks like it has more than just the OP using it
for SEO. Read through the (presumably automated) postings on
twitter.com/aootemplates and there is a very troubling sequence of
unvarnished SEO/promo template postings. Looks to me like it needs some
sort of a review phase before new contributions are accepted.

S.


Re: Independent Entity to Develop and Further AOO

2016-08-31 Thread Simon Phipps
On Wed, Aug 31, 2016 at 11:44 PM, Dennis E. Hamilton <
dennis.hamil...@acm.org> wrote:

>
>
> > -Original Message-
> > From: toki [mailto:toki.kant...@gmail.com]
> > Sent: Wednesday, August 31, 2016 11:30
> > To: dev@openoffice.apache.org
> > Subject: Re: Independent Entity to Develop and Further AOO
> >
> > On 31/08/2016 16:26, Dennis E. Hamilton wrote:
> >
> I think that is the case because downstream producers, who get the support
> business, contribute to their upstream framework or source-code distributor.
>
> What indication is there that any of that is working for Apache
> OpenOffice?  Maybe if we stopped shipping binaries?  How would that work
> for the individuals who seem to dominate our download consumption?


Since the "downstream" producers seem better equipped to deliver signed and
vulnerability-corrected binaries to non-specialist consumers on a timely
schedule, maybe delegating downloads to them would be a good option for the
project?

S.


John McCreesh

2016-01-18 Thread Simon Phipps
Those of us who were also part of the former OpenOffice.org project will be
shocked to hear of the sudden and untimely death of John McCreesh, who used
to be the (volunteer) marketing lead for the project. I have written more
in [a public post on Facebook][1] which also includes a newspaper report of
his death. Those with access to his Facebook wall will see a long list of
tributes.

Regards

Simon

[1]: https://www.facebook.com/simon.phipps/posts/10153969052221654


Re: [QUESTION] Usability of Non-Optional Java Dependencies

2015-10-29 Thread Simon Phipps
One more factor to consider is that the official Java installer promoted by
Oracle tries really hard to trick the end-user into installing
adware/spyware at the same time. We used to avoid this in the Sun installer
by bundling Java, but having it as an external dependency for new AOO users
means they face the challenge not only of finding and installing Java but
avoiding the malware as they do so.

I'd say this was a really big negative for a dependency on official Java.
It's not a problem on Linux where there is usually an OpenJDK bundle
available, but it's a huge negative on Windows.

S.


On Thu, Oct 29, 2015 at 5:44 PM, Dennis E. Hamilton <orc...@apache.org>
wrote:

> The Java dependency problem keeps coming up buried in other threads.  I am
> redirecting the most recent case so we can put light on this situation.
>
> Before the dependencies on Java are increased/improved, I think there is a
> crucial usability matter.
>
>  1. Currently users are trap-doored by exercising a feature or dialog that
> suddenly raises a Java dependency, sometimes for which there is no escape
> other than finding a way to shut down AOO that is not a normally-required
> skill.
>
>  2. The fact that full functioning of AOO is buried in the system
> requirements in a way that users can easily overlook (or never examine) is
> a problem.  We can fix that page, even providing (or linking to) specific
> details of what the dependencies are. That would be useful so developers
> and power-users have the details.  However, the system requirements are
> probably not read by most who download the software (based on over 40
> million downloads of 4.1.1, overwhelmingly on systems designed for casual
> users).
>
>  3. If the installer required presence of Java, that would be a clear
> indication that it is required for operation.  It would also be helpful if
> the installer provided an usable link for installing a workable Java if one
> is not present.
>
>  4. If the presence of Java is indeed optional, and the user does not have
> it or elects not to use it, AOO should not even offer functions for which
> Java is required.  That is another way to improve the usability and at
> least avoid users falling through trap-doors.
>
>  5. Shouldn't we do this better?  Or are we to decree that AOO is only
> intended for power-users who have strong skills with regard to managing
> their configurations, managing the install of dependencies,
> trouble-shooting and being able to work around the not-dependable way
> things work now?
>
> Three paths come to mind.
>
>  A. Remove the Java dependencies.
>
>  B. Adjust the Java dependencies,
> 1. So that the dependencies are clear and the situation around
> failures to find a suitable JRE is made workable for casual users.  This
> could involve the above (2-4) remedies.
> 2. Only then consider increasing the dependencies on Java for
> full-function operation in some controllable way.
>
>  C. Make AOO a Java application that has C++ components, rather than the
> reverse.
>
> These are all serious.  Probably on the way to either A or C, one must
> address B.
>
> We also need to consider what the project's capacity for any of these
> cases happens to be.
>
> Thoughts?
>
>  - Dennis
>
> PS: There is a bigger question about platform presence in here.  There are
> distributions for which Java dependency is not particularly attractive and
> we may be cutting ourselves off from those.  That might not matter if we
> are talking about the small percentage of the downloads that are for
> neither Windows nor Macintosh desktop PCs.
>
>
>
> > -Original Message-
> > From: Pedro Giffuni [mailto:p...@apache.org]
> > Sent: Thursday, October 29, 2015 08:07
> > To: Apache OO <dev@openoffice.apache.org>
> > Subject: Re: Thinking of joining OpenOffice as a developer
> >
> > Hello;
> >
> > First of all, a warm welcome to Patricia. Java developers are
> > particularly welcome at this stage!
> >
> > Just IMHO, the C++ side of AOO is either under-control or
> > too-ugly-to care-about, so we would do good focus more on the
> > Java parts, which are also somewhat ugly but still promising.
> [ ... ]
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
>


-- 
*Simon Phipps*  http://webmink.com
*Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027
*Mobile*:  +44 774 776 2816 *or Telegram <https://telegram.me/webmink>*


Re: Remembering Ian Lynch in 4.1.2 announcement

2015-10-28 Thread Simon Phipps
+1.  While it is not specifically related to the release, it is a gesture
that builds community empathy and this is the first opportunity to make the
gesture.

On Tue, Oct 27, 2015 at 10:52 PM, Andrea Pescetti <pesce...@apache.org>
wrote:

> I was wondering whether we should remember Ian Lynch at the end of the
> 4.1.2 Release announcement, with a sentence like
>
> "The OpenOffice community dedicates version 4.1.2 to the memory of Ian
> Lynch, a member of the OpenOffice Project Management Committee and a key
> contributor to marketing and education efforts, who passed away earlier
> this year" [of course please adjust and fix in case]
>
> I have no idea on whether this is appropriate or not. I'm rather neutral
> on the issue. Feedback welcome. Our memorial for Ian is at
> http://www.apache.org/memorials/ian_lynch.html
>
> Regards,
>   Andrea.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
>


-- 
*Simon Phipps*  http://webmink.com
*Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027
*Mobile*:  +44 774 776 2816 *or Telegram <https://telegram.me/webmink>*


Re: 2015-08-24 Future Board Reports

2015-08-25 Thread Simon Phipps
On Tue, Aug 25, 2015 at 4:26 AM, Dennis E. Hamilton orc...@apache.org
wrote:


 Until further notice, the AOO Report to the Board will be developed by the
 Chair privately with the PMC and will not be made or discussed in public
 before its submission and acceptance by the Board.  Subsequent to that
 acceptance and its publication by the Board, typically a month later, the
 final version will also be made available for the information of the full
 Apache OpenOffice community and as part of the project's historical
 materials.


Please forgive my lack of Apache-wide insight, but is this approach common
in other Apache projects or unique to AOO?

Thanks,

S.


Re: ODF 1.2 and AOO ?

2015-07-17 Thread Simon Phipps
On Fri, Jul 17, 2015 at 11:06 AM, jan i j...@apache.org wrote:


 I thought ODF 1.2 was relative old, but I might be wrong.


While it was approved as an OASIS standard in 2011, it only became an
official and approved ISO standard in mid-June. More at
https://en.wikipedia.org/wiki/OpenDocument_standardization#OpenDocument_1.2

S.


Re: July board report.

2015-06-30 Thread Simon Phipps
On Tue, Jun 30, 2015 at 12:51 PM, jan i j...@apache.org wrote:

 Hi.

 It is again time to make a board report, you can find my proposal at
 https://cwiki.apache.org/confluence/display/OOOUSERS/2015+July

 comments and changes are welcome.


Should the fact CVE-2015-1774 is still unresolved in the released version
be mentioned?

Best regards

Simon


Re: July board report.

2015-06-30 Thread Simon Phipps
On Tue, Jun 30, 2015 at 1:38 PM, jan i j...@apache.org wrote:

 On 30 June 2015 at 13:54, Simon Phipps si...@webmink.com wrote:

  On Tue, Jun 30, 2015 at 12:51 PM, jan i j...@apache.org wrote:
 
   Hi.
  
   It is again time to make a board report, you can find my proposal at
   https://cwiki.apache.org/confluence/display/OOOUSERS/2015+July
  
   comments and changes are welcome.
  
 
  Should the fact CVE-2015-1774 is still unresolved in the released version
  be mentioned?
 
 It is kind of obvious, no new release so of course it is still unresolved.


The previous Board report was issued just before the CVE was made public,
and is thus not mentioned. Given it's been unresolved for four months, two
public, shouldn't it be mentioned this time?

Thanks,

Simon


Re: CVE-2015-1774 (was: July board report)

2015-06-30 Thread Simon Phipps
On Tue, Jun 30, 2015 at 5:23 PM, Dennis E. Hamilton dennis.hamil...@acm.org
 wrote:

 THE TL;DR:

 I agree.  The extensive lag to availability of 4.1.2 is far more pertinent
 at the level of the Board Report.  The existence of CVE-2015-1774 does not
 change that and should not overshadow it.

 I think featuring CVE-2015-1774 in the report exaggerates its importance
 and ignores the deliberation that accompanied our announcement of a
 straightforward CVE-2015-1774 mitigation, 
 http://www.openoffice.org/security/cves/CVE-2015-1774.html.


I would largely agree, although I still believe the CVE and its mitigation
should be documented at http://www.openoffice.org/download/ as there is a
negligible chance any user downloading AOO will see it otherwise and I
believe the risk is greater than is being recognised.



 MORE MUSINGS

 We are not talking about a defect for which there is a known exploit and
 there would be very few users, if any, who might encounter one, were one
 worth developing.

 While Simon has expressed his own perspective on how dangerous the related
 defect is and what users are exposed to, that is not the consensus of the
 AOO security team and those who have oversight on its deliberations.  That
 does not mean we shouldn't take further steps.  It just means we have
 concluded there is no emergency.



 It would probably be a simpler and more-fruitful action to simply make
 this web page, http://www.openoffice.org/security/, the bulletins, and
 their translations more prominent and easily found on our web site.

 Also, with respect to CVE-2015-1774, I think the population of concern is
 those who use old (ca. 1999 and earlier) Korean-language HWP documents and
 are happily using OO.o 2.4 through 3.4 releases, remaining ignorant of AOO
 4.1.2 and already-repaired LibreOffice distributions.


If a malicious party were to create an HWP file crafted to exploit the
vulnerability but then distribute it with another extension (say .ODT), AOO
would still open it. I thus believe that there are two populations of
concern:

   1. Users of HWP files on any existing version of AOO and predecessors.
   This is alleged to be a small population, and I have no reason to disagree.
   Were this the only population of concern I would agree that the risk would
   be minimal.
   2. All users of any distributed version of AOO and predecessors where
   the documented mitigation has not been applied are also vulnerable to the
   creation of a malicious HWP renamed with a benign file extension. There is
   no known exploit at present, but as the population of users with the
   vulnerability grows the risk increases.

We can do what we are able to do, when we do it, yet there is little to be
 done for folks who have no desire or even means to replace their OpenOffice
 software.


I agree that we can only do what we have the resources to do. However, I
continue to believe we are not taking all the steps we could to ensure that
the second population of concern are adequately informed even if we do not
have the resources to protect them.

S.


Re: Download Stats

2015-06-28 Thread Simon Phipps
On Sun, Jun 28, 2015 at 9:33 AM, Andrea Pescetti pesce...@apache.org
wrote:


 Note: as discussed several times on this list, replacing this with a link
 to the SourceForge statistics is wrong, since the scripts do the right
 thing in terms of accounting for all downloads and reducing duplicates
 (SourceForge statistics are precise, but we don't want to consider, for
 example, a language pack as if it was a full download).


While it's great to have more accurate stats, if creating them requires
regular manual intervention there is a great risk of them getting out of
date as they are now; rule one of metrics is to ensure they are integrated
with the workflow and not a stand-alone task. Perhaps changing the page to
document the issues with the SourceForge stats before linking to them would
be a good replacement? Accurate stats that need interpretation are better
than inaccurate stats...

S.


Re: Download Stats

2015-06-26 Thread Simon Phipps
On Fri, Jun 26, 2015 at 3:45 PM, Rory O'Farrell ofarr...@iol.ie wrote:

 On Fri, 26 Jun 2015 15:25:01 +0100
 Simon Phipps si...@webmink.com wrote:

  Hi Rory,
 
  On Fri, Jun 26, 2015 at 11:40 AM, Rory O'Farrell ofarr...@iol.ie
 wrote:
 
   Just to note that the OO download statistics haven't been updated in a
   long time.
  
 
  Which ones are you referring to? The ones at
 
 http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline
  or something else?
 
  Thanks!
 
  Simon

 I was thinking of the ones linked off
 http://www.openoffice.org/stats/index.html
 in particular of
 http://www.openoffice.org/stats/downloads.html


Ah yes, those are ancient. It would probably be better to just make the
page a redirect to
http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline

S.


Re: Download Stats

2015-06-26 Thread Simon Phipps
Hi Rory,

On Fri, Jun 26, 2015 at 11:40 AM, Rory O'Farrell ofarr...@iol.ie wrote:

 Just to note that the OO download statistics haven't been updated in a
 long time.


Which ones are you referring to? The ones at
http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline
or something else?

Thanks!

Simon


Re: Download Stats

2015-06-26 Thread Simon Phipps
On Fri, Jun 26, 2015 at 7:28 PM, Marcus marcus.m...@wtnet.de wrote:

 Am 06/26/2015 06:27 PM, schrieb Simon Phipps:

 On Fri, Jun 26, 2015 at 3:45 PM, Rory O'Farrellofarr...@iol.ie  wrote:

  On Fri, 26 Jun 2015 15:25:01 +0100
 Simon Phippssi...@webmink.com  wrote:

  Hi Rory,

 On Fri, Jun 26, 2015 at 11:40 AM, Rory O'Farrellofarr...@iol.ie

 wrote:


  Just to note that the OO download statistics haven't been updated in a
 long time.


 Which ones are you referring to? The ones at


 http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline

 or something else?

 Thanks!

 Simon


 I was thinking of the ones linked off
 http://www.openoffice.org/stats/index.html
 in particular of
 http://www.openoffice.org/stats/downloads.html


  Ah yes, those are ancient. It would probably be better to just make the
 page a redirect to
 http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline


 ... or you could start to be productive and update the numbers. ;-)



It would be better to avoid having content on the web site that requires
regular manual updates, hence the recommendation that the page be converted
to a redirect.

S.


Re: Download Stats

2015-06-26 Thread Simon Phipps
On Fri, Jun 26, 2015 at 7:52 PM, Marcus marcus.m...@wtnet.de wrote:

 Am 06/26/2015 08:33 PM, schrieb Simon Phipps:

 On Fri, Jun 26, 2015 at 7:28 PM, Marcusmarcus.m...@wtnet.de  wrote:

  Am 06/26/2015 06:27 PM, schrieb Simon Phipps:

  On Fri, Jun 26, 2015 at 3:45 PM, Rory O'Farrellofarr...@iol.ie
  wrote:

   On Fri, 26 Jun 2015 15:25:01 +0100

 Simon Phippssi...@webmink.com   wrote:

   Hi Rory,


 On Fri, Jun 26, 2015 at 11:40 AM, Rory O'Farrellofarr...@iol.ie

  wrote:


   Just to note that the OO download statistics haven't been updated
 in a

 long time.


  Which ones are you referring to? The ones at



 http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline

  or something else?

 Thanks!

 Simon


 I was thinking of the ones linked off
 http://www.openoffice.org/stats/index.html
 in particular of
 http://www.openoffice.org/stats/downloads.html


   Ah yes, those are ancient. It would probably be better to just make
 the

 page a redirect to

 http://sourceforge.net/projects/openofficeorg.mirror/files/stats/timeline


 ... or you could start to be productive and update the numbers. ;-)


 It would be better to avoid having content on the web site that requires
 regular manual updates, hence the recommendation that the page be
 converted
 to a redirect.


 maybe, but why don't you try to reach this goal? What is strange is that
 you write here only what has to (or should) be done.


Nothing strange. I do not have commit access, and it's a trivial change for
someone who does. If I did have commit access I would be right on it like I
have been on other occasions, you betcha :-)

S.


Re: Enquiry

2015-05-27 Thread Simon Phipps
Dear Naomi,

Following Internet norms, my reply to your message is below.

On Wed, May 27, 2015 at 5:00 PM, Naomi naomiobine...@yahoo.co.uk wrote:


 Hi there,

 I googled my name to find that your company has saved my messages to two
 mail archives without my consent. Could you please remove my messages from
 the public archive as strangers are able to obtain my email address by
 searching for my name?


I'm not personally familiar with the messages you refer to, but you have
reached a public mailing list read by hundreds of individuals who like me
are all volunteers. The mailing list is not managed by a company, but
belongs to a US non-profit called The Apache Software Foundation (the ASF).
The mailing list is also read by automated systems outside the control of
the ASF which then create public archives.

It is safe to say that, once your e-mail has been sent to an ASF mailing
list, it is impossible to remove it from the Internet. Please visit the
ASF's policy page on this subject for more information --
http://apache.org/foundation/public-archives.html

Please be aware that this e-mail thread is also being archived publicly.

Best regards,

Simon


Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

2015-04-29 Thread Simon Phipps
Given this problem is not fixed in the current download, should the project
suspend downloads until it can be addressed? Few of the people downloading
the package will be aware of this CVE or of the necessary mitigation
post-install.

S.


On Sat, Apr 25, 2015 at 8:13 PM, Herbert Duerr h...@apache.org wrote:

 CVE-2015-1774

 OpenOffice HWP Filter Remote Code Execution and Denial of Service
 Vulnerability

 A vulnerability in OpenOffice's HWP filter allows attackers to cause a
 denial of service (memory corruption and application crash) or possibly
 execution of arbitrary code by preparing specially crafted documents in
 the HWP document format.

 Severity: Important

 Vendor: The Apache Software Foundation

 Versions Affected:

 All Apache OpenOffice versions 4.1.1 and older are affected.

 Mitigation:

 Apache OpenOffice users are advised to remove the problematic library in
 the program folder of their OpenOffice installation. On Windows it is
 named hwp.dll, on Mac it is named libhwp.dylib and on Linux it is
 named libhwp.so. Alternatively the library can be renamed to anything
 else e.g. hwp_renamed.dll.
 This mitigation will drop AOO's support for documents created in Hangul
 Word Processor versions from 1997 or older. Users of such documents are
 advised to convert their documents to other document formats such as
 OpenDocument before doing so.

 Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

 Credits:

 Thanks to an anonymous contributor working with VeriSign iDefense Labs.





-- 
*Simon Phipps*  http://webmink.com
*Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027
*Mobile*:  +44 774 776 2816 *or Telegram https://telegram.me/webmink*


Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

2015-04-29 Thread Simon Phipps
On Wed, Apr 29, 2015 at 2:00 PM, Andrea Pescetti pesce...@apache.org
wrote:

 Simon Phipps wrote:

 Given this problem is not fixed in the current download, should the
 project
 suspend downloads until it can be addressed?


 This looks like a very extreme measure to take. The severity of the issue
 would not justify it.


Can you explain that please? The CVE says Severity: Important and the
effects are a denial of service or possibly execution of arbitrary code by
preparing specially crafted documents in the HWP document format.

The fact we are unaware of current exploits does not mitigate the risk
arising from distributing the software, and the rarity of the file format
does not reduce the likelihood of it being used in an exploit. Maybe I am
missing some of the context from the private security list?

Thanks,

S.


Re: Apache open office on Anroid

2015-04-17 Thread Simon Phipps
On Thu, Apr 16, 2015 at 6:50 PM, Nguyễn Đình Văn dinhva...@gmail.com
wrote:

 Dear all,
 I have 2 question, please ask me:
 1. Can [Apache open office] view office on Android?


There's no work in progress on this at Apache, but there are two related
serious activities.
* A direct port of AOO to Android has been performed, [AndrOpenoffice][1} -
however, its user interface is not adapted to touch-only use and I find it
usable only in desktop contexts (with a wireless keyboard and mouse) where
I might as well use a laptop
* A project is under way to create a specific adaptation for Android, and
the project has reached the stage of a stable and useful document viewer,
[LibreOffice Viewer][2]



 2. Can library of [Apache open office] convert document to image ?


There is a server mode that you can use to perform a variety of
conversions. There have been forum discussions [sample][3] and there's a
[how-to for LibreOffice][4]. I would suggest researching this headless
mode and then coming back with questions.

HTH,

Simon


[1] https://play.google.com/store/apps/details?id=com.andropenoffice
[2] https://play.google.com/store/apps/details?id=com.collabora.libreoffice
[3] https://forum.openoffice.org/en/forum/viewtopic.php?f=5t=66219
[4]
https://wiki.documentfoundation.org/Using_LibreOffice_in_a_Web_Browser#Running_LibreOffice_in_server_mode


Re: Re: How to achieve online editing?

2015-04-12 Thread Simon Phipps
It's likely that your best approach will involve using CMIS, which is the
interface standard most CMS offer. While there has been some experimental
work done with CMIS in AOO, it's fully implemented in LibreOffice and there
are reports on the web of interaction with a variety of CMS. Try searching
for using cmis in libreoffice for more details.

Hope this helps,

Simon

On Sun, Apr 12, 2015 at 4:24 PM, 郄宁 qienin...@163.com wrote:


 Thank you for your answer. I am using win7,there is a CMS in the
 background and use network, If I want to edit oo documentation which
 interfaces need to call?

 在2015年04月12日 19:40,Marcus 写道:
 Am 04/11/2015 03:41 AM, schrieb 郄宁:
  For example, I put the OpenOffice files are uploaded to a financial
 system how do Idirectly on the document in the accounting system for editing

 this is too less information to give a howto description.

 What OS do you use? Is there a CMS (Content Management System) in the
 background? Is a network used?

 If possible you should also ask your system admin(s) for help. ;-)

 Thanks

 Marcus



Re: Board report proposal, please comment before April 5.

2015-04-05 Thread Simon Phipps
On Sun, Apr 5, 2015 at 9:57 AM, Gavin McDonald ga...@16degrees.com.au
wrote:


 I suggested (that is the word suggested; and yes it was me!) that some
 sentences be
 reworded slightly  - to say the same thing, but in a more positive light,
 in such a way
 as that it might actually encourage more folks to step forward. That is
 what is needed
 here right?


I would usually agree with this sentiment, were it not for the fact that
exactly that strategy has been used for all previous Board reports from AOO
and yet we have still seen the decline in participation that [LWN has
reported][1]. Given that decline -- which appears to have continued -- and
the resulting lack of a release manager and of any active core code feature
implementers on the project, it seems appropriate to make a report to the
Board that highlights those facts rather than tries to make everything seem
OK.

S.




[1] http://lwn.net/Articles/637735/


Re: Board report proposal, please comment before April 5.

2015-04-04 Thread Simon Phipps
On 5 Apr 2015 02:05, jan i j...@apache.org wrote:
 I can
 replace the report with a short note stating the I (as chair) have removed
 it, because the community need more
 time to discuss the content.


That seems crazy, given the long review window and the absence of criticism
on this list. The report was openly discussed for longer than I recall any
other Board report. Any member claiming there was community opposition
should produce evidence to that effect.

The report should stand as-is rather than be voided by a private request
that seems to fly in the face of the public evidence.

S.


Re: Breach of confidentiality

2015-03-11 Thread Simon Phipps
You will want to refer to http://openoffice.apache.org/mailing-lists.html
before you make the personal choice to send any further messages to this
public, archived mailing list.

S.
(I am just a member of the public who subscribes to the list along with
around 450 other subscribers and public archivers)

On Wed, Mar 11, 2015 at 6:38 PM, Grampa Renato, GB 
renato.gra...@prysmiangroup.com wrote:

 Sirs,

 You have made public one of my message without my authorization.

 http://comments.gmane.org/gmane.comp.apache.openoffice.devel/18648



 I highlight that the message contained a Confidentiality Notice that you
 have deliberately and blatantly breached.

 You are put on notice that intend to take legal actions against your
 organisation for this issue and for all direct and indirect damages you
 have caused.

 I ask you to remove immediately the message from the web and cancel it
 from your records by c.o.b. 16 March 2015.

 I await your confirmation before the above deadline.

 regards
 Renato Grampa




 


 CONFIDENTIALITY NOTICE

 This message and its attachments (if any) may contain confidential,
 proprietary or legally privileged information and it for the use of the
 intended recipient(s). No confidentiality or privilege is waived or lost by
 any incorrect transmission.

 If you are not the intended recipient of this message you are hereby
 notified that you must not use, disseminate, copy it in any form or take
 any action in reliance on it. If you have received this message in error,
 please, delete it (and any copies of it) and kindly inform the sender of
 this e-mail by replying or going to www.prysmiangroup.com

 http://www.prysmiangroup.com/

  on contact us.

 All liability for viruses is excluded to the fullest extent permitted by
 law.



Re: community communication versus private PMC communication, WAS: PMC FAQ update

2015-03-08 Thread Simon Phipps
On Sun, Mar 8, 2015 at 11:53 AM, Andrea Pescetti pesce...@apache.org
wrote:

 You are suggesting a usage pattern of the private list that is far beyond
 reality.


I am not. I am pointing out there is no way for me to know, and that the
strong reactions to Dave's original (modest  reasonable) question as well
as other follow-ups do nothing to build trust. I believe others here have
already taken that point and I suggest letting it rest now.


 What about actually doing something?


That, sir, is insulting.

If you want to propose a resolution, do so, but please do not attempt to
hand out jobs. If the consensus on the list devises an alternative to Kay's
original proposal and work, I may consider volunteering and requesting the
necessary access (which I probably don't have).

S.


Re: community communication versus private PMC communication, WAS: PMC FAQ update

2015-03-07 Thread Simon Phipps
On Sat, Mar 7, 2015 at 7:45 PM, Dennis E. Hamilton dennis.hamil...@acm.org
wrote:

 I'll ask one more time.  What action is expected here on dev@ to impact
 how the PMC uses private@ ?


I don't think there is any action that can be taken on dev@ beyond pointing
out to others here that, when one does not have access to the privileged
conversations of the PMC, actions that use those conversations as
justification appear hostile, as do dismissive PMC member reactions when
simple and reasonable questions are asked about them.

Hopefully, recognising how much harm the resulting atmosphere of mistrust
does to the project will be remembered. Then PMC members will be heard in
the future when they ask that private@ conversations be reiterated or
summarised and then continued on dev@.  Note that just continuing
converstaion is not enough; all dev@ members need to understand the full
context rather than being belittled for not knowing it.

S.


Re: PMC FAQ update

2015-03-06 Thread Simon Phipps
On Sat, Mar 7, 2015 at 12:00 AM, Andrea Pescetti pesce...@apache.org
wrote:

 On 06/03/2015 Dave Barton wrote:

 OK! One last attempt to clarify and resolve a trivial issue, that has
 become clouded in misunderstanding and mistranslated into some kind of
 bike-shedding subject.


 ...and misunderstood (or portrayed) as a transparency issue, when the
 answer to your question on who is moderating the API list can readily be
 found at https://issues.apache.org/jira/browse/INFRA-6095 and needed no
 further discussion.


... which is of course the first place anyone would think to look! Just
needs a beware of the leopard sign :-)

Seriously, there's a community issue here. Those of us not on the PMC
discovered accidentally that apparently harmless updates Kay proposed --
and was already implementing -- had been vetoed for undocumented reasons by
unknown voices in a secret venue. Doesn't sound like the Apache Way.

I believe the continued discussion is because of that and the strong
reaction to asking about it, rather than the details of how and why to list
the moderators (which to me still seems obvious, uncontroversial, modestly
beneficial and best done simply). It begs the question why that reaction
happened.

S.


Re: PMC FAQ update

2015-03-05 Thread Simon Phipps
On Thu, Mar 5, 2015 at 10:27 AM, Dave Barton d...@tasit.net wrote:

 
  On Mon, Feb 23, 2015 at 10:02 PM, Kay Schenk kay.sch...@gmail.com
 wrote:
 
  I just updated the PMC FAQ page on the project website.

 I see this page has now been updated and the names of all the list
 moderators have been removed. Is there some new (unlinked) location
 where that information can be found? If not, should we add the moderator
 names to the individual list information on the mailing lists page:
 https://openoffice.apache.org/mailing-lists.html ?


I also note that the [commit for this change][1] refers to a discussion of
the rationale for the change - can anyone point me to the discussion please?

Thanks,

S.

[1]: http://markmail.org/thread/l4yjh7gcgk5k6ist


Re: PMC FAQ update

2015-03-05 Thread Simon Phipps
On Thu, Mar 5, 2015 at 11:03 AM, jan i j...@apache.org wrote:

 On 5 March 2015 at 11:42, Simon Phipps si...@webmink.com wrote:

  On Thu, Mar 5, 2015 at 10:27 AM, Dave Barton d...@tasit.net wrote:
  
   
On Mon, Feb 23, 2015 at 10:02 PM, Kay Schenk kay.sch...@gmail.com
   wrote:
   
I just updated the PMC FAQ page on the project website.
  
   I see this page has now been updated and the names of all the list
   moderators have been removed. Is there some new (unlinked) location
   where that information can be found? If not, should we add the
 moderator
   names to the individual list information on the mailing lists page:
   https://openoffice.apache.org/mailing-lists.html ?
 
 
  I also note that the [commit for this change][1] refers to a discussion
 of
  the rationale for the change - can anyone point me to the discussion
  please?
 

 Some of that discussion happened (partly wrongly) on private@

 Basically some of us (including myself) does not want to have our names
 published where it is not really needed or beneficial.


Obviously I wasn't party to the private discussion, but that seems an odd
decision in a community that's so transparent in its intent an
implementation. I suggest the lists of moderators be made available
somewhere because:

   - The identities of the list moderators seem very hard to determine by
   any other means
   - This mode of contribution gets little enough recognition as it is, and
   the people contributing this way should be recognised.

Since we have and owner@ to every list, there are no need to publish the
 individual names.


There is a private@ list but we still publish the names of the PMC
members...

S.


Re: Some old OOo SVN dumps, of use to anyone?

2015-02-28 Thread Simon Phipps
On Sat, Feb 28, 2015 at 7:22 PM, Marcus marcus.m...@wtnet.de wrote:


 IMHO this is an invaluable source of our history that we shouldn't loose.


I agree with this -- it's history for every derivative of OO.o, not just
AOO.


 Please save it at a location where it cannot be deleted by accident. So,
 the best would be indeed somewhere on a server/disk that is
 controlled/accessible at apache.org.


One issue may be licensing, as the work stored on Rob's disk was not the
one approved by Oracle to be relicensed for use by Apache.  Even if that
can be resolved, the image probably also includes portions that were not
included in the code identified for relicensing approval. I'm no expert on
Apache policies but it seems possible either of those conditions could make
the file inappropriate for storage by Apache directly.

S.


Re: PMC FAQ update

2015-02-23 Thread Simon Phipps
On Mon, Feb 23, 2015 at 10:02 PM, Kay Schenk kay.sch...@gmail.com wrote:

 I just updated the PMC FAQ page on the project website.

 Please let us know if there are further changes to the persons listed as
 e-mail moderators, wiki admins, or anything else.


I'm pretty sure there are others - I moderate users@ and marketing@ daily
for example. Or is that page only supposed to list PMC members in those
roles?

S.


Re: website security certificate

2015-02-19 Thread Simon Phipps
On Thu, Feb 19, 2015 at 6:26 AM, jan i j...@apache.org wrote:

 On Thursday, February 19, 2015, Dennis E. Hamilton 
dennis.hamil...@acm.org
 wrote:

 The connection to this web site is not fully secure
 because it contains unencrypted elements (such as
 images).


Perhaps the line:
   img src=http://www.openoffice.org/images/2014-eu-234x60.png; alt=Logo
ApacheCon Europe 2014 /

is causing this?

S.


Re: Proposal to change or remove a web page that seems to cause unfruitful discussions.

2015-02-19 Thread Simon Phipps
On Thu, Feb 19, 2015 at 4:27 PM, Alexandro Colorado j...@oooes.org wrote:

 ​Why not just take it down, and re-publish it when there is a more
 agreeable content on it.


That sounds smart to me, +1.

I note that on legal-discuss Jim [called the page][1] misrepresentation -
maybe he has comments on what the project should do here?

S.

[1]:
http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201502.mbox/%3CB5FAC1D8-332E-48FD-A495-5E5C9255A859%40jaguNET.com%3E


Re: website security certificate

2015-02-19 Thread Simon Phipps
On Thu, Feb 19, 2015 at 6:01 PM, jan i j...@apache.org wrote:

 On Thursday, February 19, 2015, Keith N. McKenna 
 keith.mcke...@comcast.net
 wrote:

  jan i wrote:
   On 19 February 2015 at 14:14, Simon Phipps si...@webmink.com
  javascript:; wrote:
  
   On Thu, Feb 19, 2015 at 6:26 AM, jan i j...@apache.org
 javascript:;
  wrote:
  
   On Thursday, February 19, 2015, Dennis E. Hamilton 
   dennis.hamil...@acm.org javascript:;
   wrote:
  
  The connection to this web site is not fully secure
  because it contains unencrypted elements (such as
  images).
  
  
   Perhaps the line:
  img src=http://www.openoffice.org/images/2014-eu-234x60.png;
   alt=Logo
   ApacheCon Europe 2014 /
  
  
  
  
   is causing this?
  
   A very  good idea...since this will cause a jump from HTTPS to HTTP. I
  had
   however expected another error for this.
  
   Funny thing is, that I do not get an error on that page, even with my
   Certificate analyzer.
  
   rgds
   jan I.
  
  
   S.
  
  
  I get the following warning with SeaMonkey 2.32.1. You have requested a
  page that is only partially encrypted and does not prevent eavesdropping.


 that is the error I expected due to the img src calling http and not https.


Is there someone with commit access who could change that IMG tag to use
https so Brenda  Keith can check if that's the problem?

S.


Re: [VOTE] New Apache OpenOffice PMC Chair

2015-02-04 Thread Simon Phipps
On 30/01/2015 Andrea Pescetti wrote:

 Who of the two candidates do you prefer to replace Andrea Pescetti as
 the OpenOffice project PMC Chair?


[X] Jan Iversen (jani)


S.


Re: [DISCUSS] Inappropriate Compliance Costs

2015-02-02 Thread Simon Phipps
On Mon, Feb 2, 2015 at 3:09 AM, Andrea Pescetti pesce...@apache.org wrote:

 On 30/01/2015 Rob Weir wrote:

 1) Companies that use commercially licensed software are exposed to
 compliance risk that can be mitigated with time and expense.
 2) Companies that use copyleft software are also exposed to compliance
 risk that can be mitigated with time and expense.
 3)  There is a class of open source licenses that represent a middle
 path and avoid much of this risk.  The Apache License is one example.
 4) Apache OpenOffice uses the Apache License, so if you are concerned
 with the cost of license compliance you might want to look further
 into using OpenOffice.
 I'd argue that this is a factual, relevant and appropriate thing for us
 to say.


 The page provides relevant information in a bad way (tone and wording of
 the above list would be OK, for example). It is by keeping it as it is that
 we play the game of haters. I'll propose a rewrite next weekend.


That sounds a good move, Andrea. However, one question that needs asking is
why the AOO project (as opoosed to Apache in general) needs this page at
all. Now that LibreOffice uses the Mozilla license (which is not known for
compliance risks), which GPL-licensed suite is this page helping users
avoid?

S.


Re: [DISCUSS] Inappropriate Compliance Costs

2015-02-02 Thread Simon Phipps
On Mon, Feb 2, 2015 at 3:59 PM, Rob Weir r...@robweir.com wrote:

 On Mon, Feb 2, 2015 at 8:34 AM, Simon Phipps si...@webmink.com wrote:
  On Mon, Feb 2, 2015 at 3:09 AM, Andrea Pescetti pesce...@apache.org
 wrote:
 
  The page provides relevant information in a bad way (tone and wording of
  the above list would be OK, for example). It is by keeping it as it is
 that
  we play the game of haters. I'll propose a rewrite next weekend.
 
 
  That sounds a good move, Andrea. However, one question that needs asking
 is
  why the AOO project (as opoosed to Apache in general) needs this page at
  all. Now that LibreOffice uses the Mozilla license (which is not known
 for
  compliance risks), which GPL-licensed suite is this page helping users
  avoid?
 

 There is no mention of LO on this page, nor any suggestion of it.


I did not say it did. I am a regular contributor to this project and my
comments are in that capacity, not as a representative of anyone else. My
question stands.

S.


Re: [DISCUSS] Inappropriate Compliance Costs

2015-02-02 Thread Simon Phipps
On 3 Feb 2015 03:29, Louis Suárez-Potts lui...@gmail.com wrote:

 Simon,

 This is OT.

What is? I am participating in a discussion of the page referred to
legal-discuss by someone else. My last contribution was a
question/suggestion in response to Andrea. As far as I can remember,
nothing I have posted so far has been unrelated to that topic.

S.


Re: Open Document Editors Devroom at FOSDEM 15, Brussels, 31 Jan 2015

2014-12-10 Thread Simon Phipps
On Wed, Dec 10, 2014 at 8:01 PM, Andrea Pescetti pesce...@apache.org
wrote:


 We had to reject a interesting submission about community metrics in the
 past since FOSDEM is not the place for it.


Conveniently, Biturgia is running an EU edition of its FLOSS Metrics event
adjacent to FOSDEM:
http://flosscommunitymetrics.org/index.html

S.


Re: [PROPOSAL] Rejecting Quick Office Pro messages

2014-12-04 Thread Simon Phipps
On Wed, Dec 3, 2014 at 1:26 PM, Simon Phipps si...@webmink.com wrote:


 I just spoke with the owner of the Apple developer account for the app. He
 tells me it had been used by a subcontractor, that it was unrelated to his
 real business (online TV) and that he would immediately remove the app from
 the iTunes store now he's seen what they did.


Following up:  The app causing the unwanted e-mail traffic has now been
removed from the App Store (as have most of the other scams I mentioned in
my InfoWorld article).

S.


Re: [PROPOSAL] Rejecting Quick Office Pro messages

2014-12-03 Thread Simon Phipps
On Tue, Dec 2, 2014 at 11:23 PM, Kay Schenk kay.sch...@gmail.com wrote:


 I think we should be contacting Quick Office Pro about changing their
 support information if we haven't already.


I just spoke with the owner of the Apple developer account for the app. He
tells me it had been used by a subcontractor, that it was unrelated to his
real business (online TV) and that he would immediately remove the app from
the iTunes store now he's seen what they did.

S.


Re: [PROPOSAL] Rejecting Quick Office Pro messages

2014-12-02 Thread Simon Phipps
On Wed, Dec 3, 2014 at 12:30 AM, Rob Weir r...@robweir.com wrote:


 Is there a way we could handle it even earlier, at the Apache server
 level?   Detect the incoming link based on the referrer as ones coming
 from the offending website and then redirect that to a custom webpage
 where we explain to the user that we are not QuickOffice Pro?   If we
 do that then we would get no (or far fewer) emails, right?


I doubt there will be a common referrer as the links on

https://itunes.apple.com/gb/app/quickoffice-pro/id889011512?mt=8

just point to openoffice.org and the users getting through seem to be smart
enough to find a contact address.  But if there was a way to do that it
would be even better, yes.

S.


Re: [PROPOSAL] Rejecting Quick Office Pro messages

2014-12-02 Thread Simon Phipps
On Wed, Dec 3, 2014 at 1:34 AM, Rob Weir r...@robweir.com wrote:

 On Tue, Dec 2, 2014 at 7:43 PM, Simon Phipps si...@webmink.com wrote:
  On Wed, Dec 3, 2014 at 12:30 AM, Rob Weir r...@robweir.com wrote:
 
 
  Is there a way we could handle it even earlier, at the Apache server
  level?   Detect the incoming link based on the referrer as ones coming
  from the offending website and then redirect that to a custom webpage
  where we explain to the user that we are not QuickOffice Pro?   If we
  do that then we would get no (or far fewer) emails, right?
 
 
  I doubt there will be a common referrer as the links on
 
  https://itunes.apple.com/gb/app/quickoffice-pro/id889011512?mt=8
 
  just point to openoffice.org and the users getting through seem to be
 smart
  enough to find a contact address.  But if there was a way to do that it
  would be even better, yes.
 

 I understand.  It should be possible to detect and redirect all
 incoming website requests that originate from
 https://itunes.apple.com/gb/app/quickoffice-pro/id889011512

 This could be done preferably at the Apache HTTP Server level, or
 (less reliably) on our home page with a Javascript redirect:

 script
 if ( window.document.referrer.indexOf(
 /itunes.apple.com/gb/app/quickoffice-pro/id889011512 ) != -1 ) {
location.href = http://www.openoffice.org/new-special-page.html;;
 }

 /script


Ah right, I read your initial proposal as scanning e-mails, sorry.  The
referrer would need to be a pattern since there are many App Stores all
over the place, but that should certainly reduce the number of queries.

S.