incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations
Date Sat, 24 Mar 2012 16:22:49 GMT
On Sat, Mar 24, 2012 at 9:45 AM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> Correcting my own typos and over-abbreviation of the previous post ...
>
> -----Original Message-----
> From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org]
> Sent: Saturday, March 24, 2012 06:28
> To: ooo-dev@incubator.apache.org
> Subject: RE: [RELEASE,CODE]: Bug 119090 - Default Encryption Fails for Down-Level Implementations
>
> Rob,
>
>  1. It is absurd to make headway to strengthen security without addressing the weakest
links first. When has that ever been a design principle?
>

It is not absurd at all.  When I leave my house I lock the back door
before the front, even thought I know the back door would be easier to
break through.  There is no mandated order in which we do things.
But you seem to be arguing for leaving the back door open just because
you think the front door's lock is weak.  That is absurd.

So -1 from me to changing the default unless you can come up with a
far better technical argument than you have.  For example, you might
demonstrate that users are actually confused by this change.  It would
be good to show some evidence of this.  Since OOo 3.4 beta had this
same change, and LibreOffice has made it as well, there should be 10
million+ users with the AES encryption enabled by default.  Can you
point us to something in the support forum or user lists where such
complaints/confusion are reported?   If it is a real problem we surely
would be hearing this from users.

-Rob

Mime
View raw message