Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-18 Thread Jonathan Aquilina
I can confirm that that is what's already happening in Firefox; it seems like
Safari and Mac OS X will pop up an error asking if you want to update, block,
or update later in terms of the Java version.


On Fri, Jan 18, 2013 at 8:15 PM, Dennis E. Hamilton  wrote:

> <
> http://lists.grok.org.uk/pipermail/full-disclosure/2013-January/089440.html
> >
>
> It appears that the particular reflection feature in Java 7 is the
> security-exploit gift that just keeps on giving.  The answer is still to
> disable Java plug-ins in browsers and have Java installed only if you
> depend on it for something (certain LibreOffice extensions, Base, other
> Java-based applications, etc.).
>
> -Original Message-
> From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org]
> Sent: Wednesday, January 16, 2013 09:10
> To: 'Simon Phipps'
> Cc: 'lj'; 'Libreoffice Discussion List'
> Subject: RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK
> Vulnerability
>
> Simon has just provided a superb account of the Java security problem in
> an InfoWorld blog post today:
> <
> http://www.infoworld.com/t/java-programming/why-fixing-the-java-flaw-will-take-so-long-210946
> >.
>
> I find this more-technical analysis to be plausible as well, and Simon's
> report provides context that makes it a bit more understandable:
> <
> http://lists.grok.org.uk/pipermail/full-disclosure/2013-January/089375.html
> >.
>
> [ ... ]
>
> For users of openoffice-lineage software, I am not sure what the concern
> should be.  Disabling java browser plugins seems prudent.  It may be
> inevitable that web sites will cease depending on users employing such
> plugins with the famed Java Applet disappearing into history.
>
> [ ... ]
>
> -Original Message-
> From: Simon Phipps [mailto:si...@webmink.com]
> Sent: Tuesday, January 15, 2013 19:29
> To: Dennis Hamilton
> Cc: lj; Libreoffice Discussion List
> Subject: Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK
> Vulnerability
>
> I'm investigating, but the issue is a sandbox security manager bypass using
> unauthorised reflection and that's exploited using Rhino Javascript. So the
> context has to be a browser for there to be an issue even if OpenJDK is
> affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for
> lots of data...
>
> S.
>
>
> [ ... ]
>
>
> --
> Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.documentfoundation.org/www/discuss/
> All messages sent to this list will be publicly archived and cannot be
> deleted
>



-- 
Jonathan Aquilina




RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-18 Thread Dennis E. Hamilton
<http://lists.grok.org.uk/pipermail/full-disclosure/2013-January/089440.html>

It appears that the particular reflection feature in Java 7 is the 
security-exploit gift that just keeps on giving.  The answer is still to 
disable Java plug-ins in browsers and have Java installed only if you depend on 
it for something (certain LibreOffice extensions, Base, other Java-based 
applications, etc.).

-Original Message-
From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org] 
Sent: Wednesday, January 16, 2013 09:10
To: 'Simon Phipps'
Cc: 'lj'; 'Libreoffice Discussion List'
Subject: RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

Simon has just provided a superb account of the Java security problem in an 
InfoWorld blog post today:
<http://www.infoworld.com/t/java-programming/why-fixing-the-java-flaw-will-take-so-long-210946>.

I find this more-technical analysis to be plausible as well, and Simon's report 
provides context that makes it a bit more understandable:
<http://lists.grok.org.uk/pipermail/full-disclosure/2013-January/089375.html>.

[ ... ]

For users of openoffice-lineage software, I am not sure what the concern should 
be.  Disabling java browser plugins seems prudent.  It may be inevitable that 
web sites will cease depending on users employing such plugins with the famed 
Java Applet disappearing into history.

[ ... ]

-Original Message-
From: Simon Phipps [mailto:si...@webmink.com] 
Sent: Tuesday, January 15, 2013 19:29
To: Dennis Hamilton
Cc: lj; Libreoffice Discussion List
Subject: Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

I'm investigating, but the issue is a sandbox security manager bypass using
unauthorised reflection and that's exploited using Rhino Javascript. So the
context has to be a browser for there to be an issue even if OpenJDK is
affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for
lots of data...

S.


[ ... ]




RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-16 Thread Dennis E. Hamilton
Simon has just provided a superb account of the Java security problem in an 
InfoWorld blog post today:
<http://www.infoworld.com/t/java-programming/why-fixing-the-java-flaw-will-take-so-long-210946>.

I find this more-technical analysis to be plausible as well, and Simon's report 
provides context that makes it a bit more understandable:
<http://lists.grok.org.uk/pipermail/full-disclosure/2013-January/089375.html>.

My initial concern as this game of dominoes unfolded over the past few months 
was that Oracle had somehow managed to lose its grip on the reliable 
development of Java and especially its security and safety.  It is somewhat 
reassuring that the problems are with respect to new capabilities introduced in 
Java 7, offset by evidence that a concerted threat analysis was not done and 
that, even when a flaw was detected, the broader consequences did not appear to 
be recognized (or at least acknowledged).  

That the manner in which security flaws are handled in private can lead to 
rampant speculation about the competence/attitude of the software producer is 
not helping.  There is a tendency to now treat Java as insecure until proven 
otherwise, where proving otherwise is a near-impossible bar to hurdle.  (Look 
at the difficulty that Microsoft has in establishing that its products are 
*not* so insecure as it remains in the popular wisdom.)

For users of openoffice-lineage software, I am not sure what the concern should 
be.  Disabling java browser plugins seems prudent.  It may be inevitable that 
web sites will cease depending on users employing such plugins with the famed 
Java Applet disappearing into history.

That does not have so much to do with desktop software, apart from the fact 
that links to malicious web sites can be activated when those links are in 
documents or have been crafted into versions created by downstream creators of 
variant implementations, the ones that are carriers for malware of various 
kinds.  It seems wise, these days, to only obtain "official" releases, 
preferably ones that are digitally signed, such as those provided by The 
Document Foundation.

With regard to the use of Java in connection with extensions, including for 
database access, I think the question is more about the security and 
reliability of extensions, whether or not there is dependency on Java.  This is 
about more than Java since extensions run under the privileges of the extension 
user and no sandbox narrows those privileges.  

I have no doubt that more work is required to provide some way to verify the 
authenticity of extensions and also assess the dependability of their 
providers.  The more that openoffice-lineage software becomes the product of 
choice in attack-rewarding activities, the greater will be the urgency to have 
secure operation of the software and components employed with it. 

 - Dennis

-Original Message-
From: Simon Phipps [mailto:si...@webmink.com] 
Sent: Tuesday, January 15, 2013 19:29
To: Dennis Hamilton
Cc: lj; Libreoffice Discussion List
Subject: Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

I'm investigating, but the issue is a sandbox security manager bypass using
unauthorised reflection and that's exploited using Rhino Javascript. So the
context has to be a browser for there to be an issue even if OpenJDK is
affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for
lots of data...

S.


On Tue, Jan 15, 2013 at 6:58 PM, Dennis E. Hamilton  wrote:

> Again, thanks to Simon Phipps for retweeting the information.
>
> It appears that one should *not* assume that OpenJDK does not share
> vulnerabilities with the Oracle Java SE and JDK:
>
> The log of changes to OpenJDK for the recent vulnerability (just as
> indication of the Oracle updating of OpenJDK):
> <http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html
> >
>
> The CVE:
> <
> http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
> >
>
> There is still reporting that this update is not a complete fix.  I have
> not found a reliable technical source that makes clear what the remaining
> concern is, or if it is simply a lag in reports that have not recognized
> the latest patches.
>
>  - Dennis
>
> -Original Message-
> From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org]
> Sent: Sunday, January 13, 2013 13:27
> To: 'lj'; 'Libreoffice Discussion List'
> Subject: RE: [tdf-discuss] LibreOffice and Java Security:
>
> This just out:
>
> <https://blogs.oracle.com/security/entry/security_alert_for_cve_2013>
>
> (Thanks to Simon Phipps for the link.)
>
> Note that the vulnerabilities "only affect Oracle Java 7 versions."
>
>  - Dennis
>
> -Original Message-
> From: lj [mailto:ljelou...@gmail.com

Re: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-15 Thread Simon Phipps
I'm investigating, but the issue is a sandbox security manager bypass using
unauthorised reflection and that's exploited using Rhino Javascript. So the
context has to be a browser for there to be an issue even if OpenJDK is
affected. See https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0422 for
lots of data...

S.


On Tue, Jan 15, 2013 at 6:58 PM, Dennis E. Hamilton  wrote:

> Again, thanks to Simon Phipps for retweeting the information.
>
> It appears that one should *not* assume that OpenJDK does not share
> vulnerabilities with the Oracle Java SE and JDK:
>
> The log of changes to OpenJDK for the recent vulnerability (just as
> indication of the Oracle updating of OpenJDK):
> <http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html
> >
>
> The CVE:
> <
> http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
> >
>
> There is still reporting that this update is not a complete fix.  I have
> not found a reliable technical source that makes clear what the remaining
> concern is, or if it is simply a lag in reports that have not recognized
> the latest patches.
>
>  - Dennis
>
> -Original Message-
> From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org]
> Sent: Sunday, January 13, 2013 13:27
> To: 'lj'; 'Libreoffice Discussion List'
> Subject: RE: [tdf-discuss] LibreOffice and Java Security:
>
> This just out:
>
> <https://blogs.oracle.com/security/entry/security_alert_for_cve_2013>
>
> (Thanks to Simon Phipps for the link.)
>
> Note that the vulnerabilities "only affect Oracle Java 7 versions."
>
>  - Dennis
>
> -Original Message-
> From: lj [mailto:ljelou...@gmail.com]
> Sent: Saturday, January 12, 2013 19:23
> To: Libreoffice Discussion List
> Subject: [tdf-discuss] LibreOffice and Java Security:
>
> Hi all,
> I am not sure if this is the correct list for this message.
> I recently read this article about a Java 1.7 Security Problem.
> Does this problem concern LibreOffice and Java???
> This macrumors article post and reads that this problem affects java
> versions 4-7. At the moment oracle are at java 7.
>
>
> http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/
>
>
> The Forbes article reveals that Mozilla and Apple are advising users to
> disable Java on their machines because of this security problem.
>
> http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
>
>
>
> http://thenextweb.com/apple/2013/01/11/apple-takes-no-prisoners-immediately-blocks-java-7-on-os-x-10-6-and-up-to-protect-mac-users/
>
>
> Can I use LibreOffice without Java enabled on my computer?? As I receive
> annoying pop up windows when I first use libreoffice to install Java on
> Apple OS X Mountain Lion.
>



-- 
Simon Phipps  http://webmink.com
Meshed Insights & Knowledge
Office: +1 (415) 683-7660 or +44 (238) 098 7027
Mobile: +44 774 776 2816




RE: [tdf-discuss] LibreOffice and Java Security: OpenJDK Vulnerability

2013-01-15 Thread Dennis E. Hamilton
Again, thanks to Simon Phipps for retweeting the information.

It appears that one should *not* assume that OpenJDK does not share 
vulnerabilities with the Oracle Java SE and JDK:

The log of changes to OpenJDK for the recent vulnerability (just as indication 
of the Oracle updating of OpenJDK):
<http://mail.openjdk.java.net/pipermail/jdk7u-dev/2013-January/005354.html>

The CVE:
<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html>

There is still reporting that this update is not a complete fix.  I have not 
found a reliable technical source that makes clear what the remaining concern 
is, or if it is simply a lag in reports that have not recognized the latest 
patches.

 - Dennis

-Original Message-
From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org] 
Sent: Sunday, January 13, 2013 13:27
To: 'lj'; 'Libreoffice Discussion List'
Subject: RE: [tdf-discuss] LibreOffice and Java Security:

This just out:

<https://blogs.oracle.com/security/entry/security_alert_for_cve_2013>

(Thanks to Simon Phipps for the link.)

Note that the vulnerabilities "only affect Oracle Java 7 versions."

 - Dennis

-Original Message-
From: lj [mailto:ljelou...@gmail.com] 
Sent: Saturday, January 12, 2013 19:23
To: Libreoffice Discussion List
Subject: [tdf-discuss] LibreOffice and Java Security:

Hi all,
I am not sure if this is the correct list for this message.
I recently read this article about a Java 1.7 Security Problem.
Does this problem concern LibreOffice and Java???
This macrumors article post and reads that this problem affects java
versions 4-7. At the moment oracle are at java 7.

http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/


The Forbes article reveals that Mozilla and Apple are advising users to
disable Java on their machines because of this security problem.
http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/


http://thenextweb.com/apple/2013/01/11/apple-takes-no-prisoners-immediately-blocks-java-7-on-os-x-10-6-and-up-to-protect-mac-users/


Can I use LibreOffice without Java enabled on my computer?? As I receive
annoying pop up windows when I first use libreoffice to install Java on
Apple OS X Mountain Lion.



Re: [tdf-discuss] LibreOffice and Java Security:

2013-01-13 Thread lj
Hi,

Thank you for the links.

I am currently on Mac OSX 10.6 Snow Leopard with Java disabled on
LibreOffice and it is working normally.
I will test out the Java 7 on Mac OSX Mountain Lion for the fixed
vulnerability in Java. The Mac OSX Mountain Lion System is running Java SE6
with LibreOffice at the moment. I think it is version 1.6.37.
That is the standard version which I installed when OSX Mountain Lion
prompted me to install Java for LibreOffice, when I first installed it and
ran the application.
 Mac OSX Mountain Lion does not come pre-installed with Java Software.


On Mon, Jan 14, 2013 at 8:26 AM, Dennis E. Hamilton  wrote:

> This just out:
>
> 
>
> (Thanks to Simon Phipps for the link.)
>
> Note that the vulnerabilities "only affect Oracle Java 7 versions."
>
>  - Dennis
>
> -Original Message-
> From: lj [mailto:ljelou...@gmail.com]
> Sent: Saturday, January 12, 2013 19:23
> To: Libreoffice Discussion List
> Subject: [tdf-discuss] LibreOffice and Java Security:
>
> Hi all,
> I am not sure if this is the correct list for this message.
> I recently read this article about a Java 1.7 Security Problem.
> Does this problem concern LibreOffice and Java???
> This macrumors article post and reads that this problem affects java
> versions 4-7. At the moment oracle are at java 7.
>
>
> http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/
>
>
> The Forbes article reveals that Mozilla and Apple are advising users to
> disable Java on their machines because of this security problem.
>
> http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/
>
>
>
> http://thenextweb.com/apple/2013/01/11/apple-takes-no-prisoners-immediately-blocks-java-7-on-os-x-10-6-and-up-to-protect-mac-users/
>
>
> Can I use LibreOffice without Java enabled on my computer?? As I receive
> annoying pop up windows when I first use libreoffice to install Java on
> Apple OS X Mountain Lion.
>
>




RE: [tdf-discuss] LibreOffice and Java Security:

2013-01-13 Thread Dennis E. Hamilton
This just out:



(Thanks to Simon Phipps for the link.)

Note that the vulnerabilities "only affect Oracle Java 7 versions."

 - Dennis

-Original Message-
From: lj [mailto:ljelou...@gmail.com] 
Sent: Saturday, January 12, 2013 19:23
To: Libreoffice Discussion List
Subject: [tdf-discuss] LibreOffice and Java Security:

Hi all,
I am not sure if this is the correct list for this message.
I recently read this article about a Java 1.7 Security Problem.
Does this problem concern LibreOffice and Java???
This macrumors article post and reads that this problem affects java
versions 4-7. At the moment oracle are at java 7.

http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/


The Forbes article reveals that Mozilla and Apple are advising users to
disable Java on their machines because of this security problem.
http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/


http://thenextweb.com/apple/2013/01/11/apple-takes-no-prisoners-immediately-blocks-java-7-on-os-x-10-6-and-up-to-protect-mac-users/


Can I use LibreOffice without Java enabled on my computer?? As I receive
annoying pop up windows when I first use libreoffice to install Java on
Apple OS X Mountain Lion.



Re: [tdf-discuss] LibreOffice and Java Security:

2013-01-12 Thread Terrence Enger
I cannot address the important question, but ...

On Sun, 2013-01-13 at 14:22 +1100, lj wrote:
>  Can I use LibreOffice without Java enabled on my computer?? As I receive
>  annoying pop up windows when I first use libreoffice to install Java on
>  Apple OS X Mountain Lion.
> 

One of my systems lacks java, and I quite often run LibreOffice there.  
I understand that Base (i.e., database access) requires java, but 
everything else should work.  My experience is with Linux; you might 
find things a bit different.

HTH,
Terry.


