It’s really really embarrassing that @TheASF still distributes OpenOffice, leaving people like this schoolteacher (name omitted to spare them spam) to think it’s a maintained or viable alternative.
My casual count suggests LibreOffice has done 40+ releases since OOo last did a release.
@TheASF Don’t know how many of those are security releases in the shared codebase but gonna guess… more than zero.
@luis_in_brief I could see leaving the repo up, but having the download page up is horrible.
@kingrat @luis_in_brief Not just up but actively touting the project. But this has been a known problem for years and ASF continues to defend it.
@luis_in_brief The ASF is not a serious organization anymore, it's where dead, non-copyleft projects go to retire. It exists to benefit corporations using such legacy software, even though it's not a 501(c)(6).
@luis_in_brief @TheASF OMG they still allow people to download it? WTF?!?!?!
@blogdiva @luis_in_brief @TheASF Oh yeah. Here’s the current banner on the site, where the right hand navigation notes that they’ve done three releases in 2.5 years, for a complex C++ codebase responsible for opening files downloaded from the Internet.
What could go wrong.
@blogdiva @luis_in_brief @TheASF And here’s a story about them taking so long to patch a CVE that the white-hat published anyway; if I’m reading the dates right it took five months to roll a release (notified in May; agreed release in August; researcher delayed until September; 4.1.1 was released in October.)
@luis_in_brief @TheASF jesuschristinahandbasket eeeek!
@blogdiva @luis_in_brief @TheASF And here’s a story about the time they also had that problem in 2016:
https://lwn.net/Articles/695562/
And 2015: https://lwn.net/Articles/650411/
@blogdiva @luis_in_brief @TheASF Oh, dang it, I was going to mention that in the alt text
@luis_in_brief @blogdiva @TheASF Using the non-free Comic Sans to celebrate free software sure is a choice
@luis_in_brief It's embarrassing that @TheASF still exists.
@dalias @luis_in_brief @TheASF
If my memory is right, it would have been Star Office in 1995.
It seems clear to me that the embarrassment lands squarely on the tech media, who should be far better at communicating "#OpenOffice is not what you're looking for, use #LibreOffice @libreoffice instead". That's firmly within the tech media's job.
The job of @TheASF lies primarily in maintaining software. Let them maintain whatever software, for as long as people want it maintained.
@bignose @libreoffice @TheASF No, ASF has the domain and the Google/SEO juice, so they have the primary responsibility.
And to be clear they’re not actually maintaining it, since it regularly has security vulnerabilities that go unpatched for months at a time.
@bignose @libreoffice @TheASF E.g., the OpenOffice website could say “please don’t download this, we just do it for fun and as a result this often has security vulnerabilities. If you want a free office suite that is maintained to a high level of professionalism and security, please go to libreoffice.org”. But instead it not only encourages downloads, it misleads with a banner stating “380M downloads”, giving the impression that it is an active (and presumably secure) project.
@luis_in_brief @bignose @libreoffice @TheASF something needs to be done about this. It's unethical to distribute insecure software. If there's corporate association here they could find themselves in a lawsuit, too, though most likely victims wouldn't have the wherewithal to initiate one. Where is the sense of responsibility to one's community?
@bluetea Please contact press@apache.org and ask them why they're still distributing OpenOffice despite multiple unfixed security issues over a year old. The more people that do this, the more chance there is of finally putting it in the Attic...
@luis_in_brief @bignose @libreoffice @TheASF tbh I didn't know that OO is not well-maintained until your post...
I was thinking that way because of the Manjaro Calamares installer (which I used like 5 years ago) that had two options of office suite.
@somereatardedwood @bignose @libreoffice @TheASF it’s unfortunate but this is the case. Elsewhere in this thread I’ve posted at least three situations where a security researcher did proper bug filing against OOo, and then no release was done until after the security researcher had done the correct thing (waited, waited, and only then with reluctance published the vulnerability). And given that LibreOffice is doing regular security releases from a similar codebase, there’s almost certainly more.
@luis_in_brief Please contact them (apache@apache.org) and ask why they're still distributing OpenOffice despite multiple unfixed security issues over a year old, and no updates. Let us know what they say. Thanks!
@bignose @TheASF @libreoffice Not at all. The media can report on it (and they have, there are articles linked in this thread), but ASF is responsible for its own failure when they’re supposed to act as a FOSS project incubator. Nothing much is incubating here, and there’s no reason they should be misleading users when there’s an actively maintained fork.
@kirb You can email press@apache.org and ask them if it's responsible to keep distributing OpenOffice despite the multiple, year-old security issues. See what they respond...
@luis_in_brief @TheASF nonsense! In '95 it would've been StarOffice, and wasn't open-sourced until a few years later giving birth to OpenOffice