[Libreoffice] Authorized information source about security fixes

Michael Meeks michael.meeks at novell.com
Fri Feb 4 02:32:37 PST 2011

Hi guys,

On Thu, 2011-02-03 at 23:03 +0100, Rene Engelhard wrote:
> I don't know what you count as authorized, but this is at least worth
> pointing people to:
> http://lists.debian.org/debian-openoffice/2011/01/msg00287.html

	Quite; and I will blog this as well (when I get on-line):

		Interested by the concern and uncertainty being created
	around the mistaken idea that there are some security fixes present
	in OO.o that are not in LibreOffice. This is not so. LibreOffice
	contains all the security fixes in 3.3.0 and perhaps more. Why more ?
	simply as side-effects of our code cleans, application of cppcheck
	etc. Many 'security bugs' are really just bugs, and we're working hard
	to improve our code quality.
	To improve code security many projects do code 'auditing', a big part
	of which is careful reading of the code with this in mind. In
	LibreOffice code review is the norm, so we aspire to a higher quality
	from this perspective over time. Sadly, of course there are always
	human errors, but as and when they are found, we aim to create fixes
	and get them to our users more quickly via. our rapid monthly stable
	IMHO we need to claim the moral high ground here; LibreOffice -should-
be increasingly more secure, if not now, then over time.



 michael.meeks at novell.com  <><, Pseudo Engineer, itinerant idiot

More information about the LibreOffice mailing list