Openoffice 3.0 is not fit for distributed file usage and mixing of versions. The bugs which hits me: 1) it fails to resolve links (e.g. from deskop) when creating a lock file which can result in unlocked write access of more than one user to an oo-document. 2) ooo-2.4.x and ooo-3.x have different file locking strategies which are not compartible with each other, so you can't mix versions on the network. A fix is on the way for 3.1 (http://www.openoffice.org/issues/show_bug.cgi?id=96456). I would be happy if you can re-install the latest 2.4 ebuilds until this version is out. Reproducible: Always Steps to Reproduce: 1. create a link to your favorite oo-file on the desktop 2. open this file by clicking this link 3. look where ooo creates the hidden lock file: on the desktop! 4. other users do the same and won't see your lock file. 5. Try to access a file with one user using ooo-3 6. try to access the same file with another user using ooo-2.4.x 7. both can read and write... Actual Results: unpredictable file changes Expected Results: an error message saying the file is accessible in read only mode
I think bakcporting the fix to 3.0.x is a better solution since OOO 2.4 has more security issues.
About backporting: for gentoo-only installation this is ok, but can you tell the ubuntu people to include this backport in their ooo-build?
(In reply to comment #2) > About backporting: for gentoo-only installation this is ok, but can you tell > the ubuntu people to include this backport in their ooo-build? > This is not a ubuntu issue tracker and yes I was meaning gentoo-only.
(In reply to comment #1) > I think bakcporting the fix to 3.0.x is a better solution since OOO 2.4 has > more security issues. > Back-porting one fix is maybe feasible, but OOo 3.0.0 had plenty of issues (and I'd guess many of them survived to 3.0.1). So I very much agree with the original bugreport. I also don't understand the security policy you've applied. OOo is an office suite, which is mainly used locally with no threats from "outside". And I think that by far the most common "security issue" with the current software is that something does not work properly (especially the things that used to work, i.e., regressions). ...if you consider "security issue" anything which can harm your doing/business/etc. So why not to keep OOo 2.4.1 (or even 2.4.2) ebuild available at least with some testing or hard-masked keyword? Not everybody is keen on making overlays... Now it is quite late to do anything about it, but please consider this point of view. Thank you. (Note that this package is not the only affected by this unfortunate "policy". Also note that I've been careful not to use the term "security fascism";-)
Well I'm going to try to consider the points raised here for future versions. Anway: 3.1.0 has been released now, so closing this report...