F20 Self Contained Change: Apache OpenOffice
Andrea Pescetti
pescetti at apache.org
Sun Jul 21 22:52:29 UTC 2013
On 19/07/2013 Daniel Veillard wrote:
> One of my specific request therew is make sure that they link to the system
> libraries instead of relying on the embedded version used e.g. for
> Windows build. Very specifically make sure libxml2 etc... is not
> provided by static version inside but uses the system one (so we don't
> have to push Apache OpenOffice too if there is a libxml2 security errata !)
This is a guideline and we will follow it as closely as possible, but we
do still have some incompatibilities (meaning that OpenOffice needs
specially patched versions of some dependencies, or older versions of
libraries) which means that we won't be able to solve the problem
completely (well, patches welcome).
As for the security errata, I understand the technical point and I agree
with it, but in practice I wouldn't be too much concerned about it.
OpenOffice released only one out-of-cycle security update in the last
two years, and only three new versions in the same timeframe. While the
release cycle is expected to become shorter, OpenOffice is still very
far from releasing too often.
Regards,
Andrea.
More information about the devel
mailing list