Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index

Re: [tdf-discuss] Re: Security Advisories

Simon Phipps wrote:
In my view all that's gone wrong this time is that the CVE was not
listed in the release announcement. That should probably be fixed
next time.

Hi Simon, all,

well - it's not that easy. The rationale to act as we did was this:
We wanted to release 3.4.6 as early as possible, announce it - and
in the announcement hint at the fact that this version includes
security fixes.

Lifting embargoes on CVEs is customarily left to other entities
rather than downstream consumers - at any rate, giving users the
time to upgrade, before such a thing goes widely public with all the
details, is just responsible IMO.

So what we did, and will do in the future, is release a version,
mention security fixes in a rather generic way (if there are any),
and after our users had time to upgrade, follow-up with more details
(see e.g.
for how we handled that for 3.4.3)


-- Thorsten

Unsubscribe instructions: E-mail to
Posting guidelines + more:
List archive:
All messages sent to this list will be publicly archived and cannot be deleted


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.