incubator-ooo-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 119090] Default Encryption Fails for Down-Level Implementations
Date Mon, 26 Mar 2012 00:48:47 GMT
https://issues.apache.org/ooo/show_bug.cgi?id=119090

--- Comment #29 from orcmid <orcmid@apache.org> 2012-03-26 00:48:47 UTC ---
(In reply to comment #28)
> (In reply to comment #27)
> > (In reply to comment #25)
> > 
> > > Concerning the patch: please dont include cosmetical changes on the license
> > > with code.
> > 
> > Sorry about the cosmetic changes.  I followed the instructions for creating and
> > submitting a patch from my SVN Working Copy.  I think those changes are because
> > the editor I used is set to remove trailing blanks on lines.  I didn't notice
> > until I submitted the patch.
> > 
> That's OK, just thought I'd mention it for future occasions :).
> I think that if just changing the default values here is
> sufficient:
> officecfg/registry/schema/org/openoffice/Office/Common.xcs
> then that would be a better place to do it as it seems less
> invasive. I don't really have the time to test it though.
> In general I do agree we should avoid surprises to our users
> for this release.

(In reply to comment #26)
> (In reply to comment #25)
> > Comment on attachment 77345 [details]
> > Change saveopt.cxx so that both UseSHA1InODF2 and UseBlowfishInODF2 are true by
> > default
> Nevermind ... I understand now that both UseSHA1InODF12 and UseBlowfishInODF12
> must be there as they are for different things.
> I am not an expert of the code, but those values are also set here:
> officecfg/registry/schema/org/openoffice/Office/Common.xcs

I thought I checked every occurrence of Blowfish in trunk/main. I obviously
missed these.  I suspect grep didn't think this was a text file.

Common.xcs is supposed to be a schema, so I am not sure what the impact of
those entries are.  If they are used to supply defaults, separate from the ones
I found (which are in the initialization of a class at the time of its
construction), then these should have their <value>false</value> sub-elements
changed to <value>true</value>. 

It would be a concern, here, if this schema actually prevents an user's change
to those configuration options.  

I agree, we need to get to the bottom of this, *either* *way*.  

PS: If these settings are preset, it is apparently in files like
registrymodifications.xcu.  

I found, on Windows XP SP3 under Document & Settings\orcmid\Application Data\
OOo-dev\3\user\registrymodifications.xcu settings that indeed set the SHA1 and
BlowfishInODF2 options to false.

According to the community forum, this is where users have to edit these
manually in order to change them.  What a hoot.

I think the default should be changed in both places - in the class initializer
that I found to patch, and in the Common.xcs.  If the option is mentioned in
the configuration file, it changes what is initialized in the class when read
by the starting application.

We'll know its working when we see the change in registrymodifications.xcu

Then we can go on to see if it actually works for users to edit these entries. 
I agree with TJ, this requires a tool or script for changing the settings. 
That, and add control in Tools | Options post AOO 3.4.

-- 
Configure bugmail: https://issues.apache.org/ooo/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Mime
View raw message