
Apache OpenOffice is insecure - davidgerard
http://reddragdiva.tumblr.com/post/128873352708/urgent-get-the-hell-off-apache-openoffice-its
======
amk_
> the security hole: HWP files can be exploited and pwn your PC. obscure minor
> format, no problem … except that if you get a HWP file with a .DOC extension
> - say, what appears to be a MS Word file emailed you by anyone - you can get
> pwned by that.

> they’ve known about this since april 2015 and haven’t fixed it. they have
> distributed over 8 million known-vulnerable copies of AOO since 27 april.
> (and the 143 million vulnerable before that.)

> the fix is, literally, remove one file from the installer. they haven’t got
> it together to do this in five months.

---

If the state of OpenOffice is really as bad as this person says, it would
probably be a good time to try to roll LibreOffice back under the banner as
the mainline (à la iojs -> node). IMHO one reason Libre never took off on
Windows as much as Linux is the strange brand name, at least to
non-participants in the great free software nomenclature war.

~~~
bad_user
I don't get what the word "libre" has to do with the "_great free software
nomenclature war_" or why that would make people avoid LibreOffice.

It's also a very common word coming from the romance languages, with English
being the strange one that doesn't make a distinction between free as in beer
or as in speech. And in spite of what you may think, free as in beer on
Windows means freeware and that kind of software has really bad connotations,
hence the distinction is kind of necessary even from a branding perspective.

And btw, Occam's Razor applies: if LibreOffice has less success than
OpenOffice on Windows, that's probably because there's no Sun anymore to
promote it.

~~~
thaumaturgy
A lot of end-users still mispronounce Firefox as "Foxfire". They don't
understand what an operating system is and they don't know the URL bar exists
so they Google everything.

If your friendly neighborhood computer nerd, like me, tells them to check out
"Lee Bray Office", first they think that's a dumb name, and then they fail to
find it online.

In the geek niche, yeah, LibreOffice is fine. Outside of that, it's a
disadvantage.

(Doesn't help that the product was slow and buggy for a long time either, so
for a lot of users, it became, "oh, it was that crappy Microsoft Office
knockoff".)

~~~
metalliqaz
I pronounce it more like "leeb-RAW-fiss"

------
voltagex_
https://www.openoffice.org/security/cves/CVE-2015-1774.html

------
samspenc
I'm glad this got voted up. I've been tossing up on whether to use and
recommend OpenOffice or LibreOffice, and now I know which one to choose.

It's too bad there's so much FUD and arguments going back and forth between the
LibreOffice and OpenOffice communities. I wish the OpenOffice devs would just
support LibreOffice and make it a much better product and really compete
with MS Office.

------
mlinksva
My, it is dismal to encounter an article about OpenOffice. I wish those
involved would mend whatever feelings and contracts are involved and get to
redirecting openoffice.org to libreoffice.org. I skim comments and don't
notice any path toward that happening (please point out if I've missed!) and
close tab. But I just realized I have some old blog posts linking to
openoffice.org. I've changed those to point to libreoffice.org. A tiny
thing...

------
davidgerard
Original title:

URGENT: get the hell off Apache OpenOffice, it’s insecure and not worked on
any more. LibreOffice is better in literally every way.

------
nullterminated
Isn't the raison d'être of foundations such as Apache to see to it that this
sort of thing doesn't happen to its products?

~~~
chris_wot
The amount of half-finished and unmaintained projects hosted by Apache is
remarkable.

~~~
WorldWideWayne
Yep, and they refuse to accept issues at GitHub and their GitHub repos are all
just mirrors, so they make it really hard to contribute.

