[Libreoffice] Authorized information source about security fixes
Michael Meeks
michael.meeks at novell.com
Fri Feb 4 02:32:37 PST 2011
Hi guys,
On Thu, 2011-02-03 at 23:03 +0100, Rene Engelhard wrote:
> I don't know what you count as authorized, but this is at least worth
> pointing people to:
> http://lists.debian.org/debian-openoffice/2011/01/msg00287.html
Quite; and I will blog this as well (when I get on-line):
Interested by the concern and uncertainty being created
around the mistaken idea that there are some security fixes present
in OO.o that are not in LibreOffice. This is not so. LibreOffice
contains all the security fixes in 3.3.0 and perhaps more. Why more ?
simply as side-effects of our code cleans, application of cppcheck
etc. Many 'security bugs' are really just bugs, and we're working hard
to improve our code quality.
To improve code security many projects do code 'auditing', a big part
of which is careful reading of the code with this in mind. In
LibreOffice code review is the norm, so we aspire to a higher quality
from this perspective over time. Sadly, of course there are always
human errors, but as and when they are found, we aim to create fixes
and get them to our users more quickly via. our rapid monthly stable
releases.
IMHO we need to claim the moral high ground here; LibreOffice -should-
be increasingly more secure, if not now, then over time.
ATB,
Michael.
--
michael.meeks at novell.com <><, Pseudo Engineer, itinerant idiot
More information about the LibreOffice
mailing list