#1051474 libreoffice: Please add embedded code copies to embedded-code-copies on security tracker debian.tar.xz/tarballs
- Package: src:libreoffice
- Source: src:libreoffice
- Submitter: Bastien Roucariès
- Date: 2025-08-08 14:19:21 UTC
- Severity: normal
- Tags:
Dear Maintainer,

Could you document that you embed a few tarballs under the security tracker?

For oldstable/stable/unstable, the version should be documented.

Moreover, you do not document where you downloaded these files; a comment under copyright would be helpful (README.source says how to retrieve them, not the link to get them).

Thanks

Bastien
severity 1051474 important
thanks

Hi,

On 08.09.23 at 19:19, Bastien Roucariès wrote:

Since when is that serious? It isn't. There have been no complaints from anyone in the security team in any of the last security updates? (None of which affected any of the internal copies used.)

The policy says "should". And it is followed. Most stuff isn't used as internal code copies, only the unavoidable ones are. And TTBOMK the security team DOES know it.

> Could you document that you embded a few tar ball under the security tracker ?

You mean I should send MRs to it?

> Moreover you do not document where you downloaded these file a comment under

The fetch it manually and put it there. (Which normally would be done from upstream's build system for ALL tarballs, even those not used..)

(It basically always is https://dev-www.libreoffice.org/src/ (which mirrors stuff they got from the website):

Makefile: $(call fetch_Download_item_unchecked,https://download.documentfoundation.org/libreoffice/src/$(shell echo $(gb_LO_VER) | sed -e "s/\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/"),libreoffice-$(i)-$(gb_LO_VER).tar.xz))

Regards,

Rene
On Sunday, 10 September 2023, 05:44:02 UTC, Rene Engelhard wrote:

I have reason to complain security-wise

Yes I know

Yes I think so :S

I will really prefer that we download from upstream
Still this isn't an RC bug.
Cheers,
Moritz
Dear submitter,

as the package libreoffice has just been removed from the Debian archive experimental we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1069123

The version of this package that was in Debian prior to this removal can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest.

This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)