![[TEST] Document Foundation Community](https://communitytest.documentfoundation.org/images/discourse-logo-sketch.png){kind=logo}
I am considering downloading your product to avoid having to buy Microsoft Office. But I have a question about your product. On your Features page you said that the LGPL public license could be hacked by the user. What does that mean? Does it mean that anyone can hack it? Please reply whenever you can. Thank you for your time.
I believe that what you're seeing is the fact that LO is "open source," which means that the code is
available to anyone who wants it, and therefore can be modified--"hacked," if you will--by anyone
sufficiently savvy to do so. It does NOT mean that the program you download and install in your
system has been modified or hacked, so long as you get it thru the LibreOffice website or thru your
Linux distribution's repository. But if someone wants to put in some extra feature, and is smart
enough to do so, he can, unlike with the Microsoft product, whose code is kept highly secret.
HTH--doug
Hi Mike,
Mike Watson wrote (22-12-11 02:08)
I am considering downloading your product to avoid having to buy
Microsoft Office.
Looks as a good idea to me 
But I have a question about your product. On your
Features page you said that the LGPL public license could be hacked
by the user.
What does that mean? Does it mean that anyone can hack
it?
It means that each and every person having skills in the area of software developing, is able to modify the code and adapt the software... *however* this only on the machine he/she has access to. The software that is offered for download to you and others, can not be altered by random persons.
You and everyone else can send in code-contributions - in fact that is a highly encouraged and appreciated form of contributing and key to open source - but contributions are submitted to the source after review only. And of course by people that have received contribute-rights because of their work.
So ... 'hacking' in this sense is not related to what is actually 'cracking' - breaking in software/computers, which lately also is pointed to as hacking.
Please reply whenever you can. Thank you for your time.
You're welcome!
Thanks for asking and I hope my explanation is clear enough. If not please write.
And I think that it's good also that we have a look at our website, in order to prevent future misunderstanding.
Regards,
Cor
PS - have added you as cc since you're not subscribed to the list or Gmane for this list.
Hi
+1
"Hacking" is a term generally misused in the press and society at large. The real meaning has nothing to do with illegal or destructive vandalism.
My understanding is that people can take the code and add their own developments as long as they use a suitable licence for their result. Such variants can't use the name LibreOffice or TDF and must make it easy to access the original source code for free. If people request physical media such as Dvds or Cds with the code then reasonable charges can be made for the physical media itself and postage&packing, administration (and such) but the actual code itself must be free. Even when people ask for physical media they need to be given a free link to the free download.
I think if a company wants to make some in-house tweaks it is probably easier to write an Extension / Add-on instead of trying to mess with the main code and then worrying about upgrades. Since an Extension is external to the main code-base it could be released as a proprietary add-on / Extension but that would miss out on the opportunity to make it easy for people to update if there were problems with the Extension.
Any code that gets into the program that is allowed to be called LibreOffice has to pas rigorous QA at TDF involving alpha and beta-testing on hundreds of thousands (perhaps even millions) of real-world machines throughout the world.
Many companies find it's worthwhile to add any changes they want into submissions to the TDF to improve the product for everyone else as well as themselves. This way they get their code tested much more widely than they could feasably manage themselves. On their own they would have to rely on testing done on a few virtualised/'perfect' machines and only a tiny number of bare-metal machines with a limited range of hardware. Obviously they give-up any copyright and their code may end up getting tweaked or re-written but the advantages are huge and make it worthwhile in such a large project as LibreOffice.
Companies such as Novell, RedHat, Google, Cannonical (of Ubuntu fame) and many others are involved in writing and using the code.
Regards from
Tom
I take it you do not think that the version[s] of LibreOffice on the LibreOffice-NA.US <http://libreoffice-na.us/> site [and other project sites] are an unmodified versions of LO?
These DVD projects, like the -NA.us one, do not modify LO, but they present LO towards a specific community group. There are several projects out there, some with links on the LO web pages. They do not have the range of install files that LO's "official" site has, but that does not mean they are "hacks" of LO.
LibreOffice-NA.US <http://libreoffice-na.us/>, has produced a DVD versions for distribution of LO and all the extras that a user might want with their LO install. Documentation, dictionaries and other extensions, templates, artwork, etc., etc., all in one place or on the DVD media so the user does not have to go searching different places for them. Some of the extras are not conveniently accessible on the LO web pages for the users to find, since they are not found on LO's sites.
There are other projects in other languages, for DVD and other access to LO's files. They may or may not have their project "officially" listed on one of LO's web pages. I know for a fact that there is a guy in Malta that is creating a distribution DVD for his native language, which is not listed in the LO pages.
SO, please do not imply that if you get your copy of LO from places other than LO's download page or the Linux repository, it would be an unofficially modified version of LO. That is not true for all cases. Many people are just presenting LO differently in a different way, without modifying the install files.
Hi
True that the code is unmodified in the North American Dvd project (and other Dvd projects). Typically, as i understand it, they tend to bundle a bunch of useful programs and useful extras (better dictionaries, artwork, templates, Extensions etc) that people can choose to use (or not use) in addition to the main program supplied in/on the Dvd.
Personally i think all those Dvd projects should be hosted on TDF and LibreOffice servers in addition to other places if possible. While they aren't, there is an element of suspicion for people that are not familiar with the personalities involved. Those of us that do know you have good reason to trust you. My understanding is that the Dvd projects are there mainly for people to make Dvds in bulk in order to sell or distribute at events and such rather than being for the general public.
Regards from
Tom
Libreoffice is open source software issued under the LGPL license which means that LO must provide the source code to anyone who wants it. Thus anyone, assuming they have the skills, can modify the code for internal/personal use, possible inclusion into the LO base code, or release as a derivative project or fork. If you release the code, under the terms of the LGPL you must release the source code. Note, modified code that LO has not included in the main code base must be released as a fork.
LO is actually a fork of Open Office another open source project now under the Apache Foundation. Thus the original code for LO is from OOo and it has been modified to improve it resulting in LO.
There are numerous official, semi-official, and unofficial sources of LO.
What I do not like is when people tell others that if the files do not come from their source, then they must [or implied that way] have something "nasty" hidden inside.
There are many places where you can find "clean" copies of LibreOffice. There are many people out there who are doing their best to create different ways to distribute LibreOffice to their region of the world. I am just one of them.
Over the years to come, there will be many new ways for people to get the latest and greatest open-source software. These ways may exist now, or are yet to be developed. One way would be from magazine DVDs or other offers like that. Then there will be cloud systems that are offering LO for use. All these new ways to get access to LO will not be through the current "Official LibreOffice website". So if you have the view that if you do not get it from the LO site, for windows, and the repositories for Linux, are we to just tell people that they should not use all these new ways to get or use LO since they are not from either of his/hers "approved" sources?
Sure, some places I would not want to download from. I use WOT [Web of Trust] Google filter on my browser to help stay away from those sites. As always, you should run any downloads through your security software to make sure that there is no nasties within them. But, I do not say that you have to avoid going to other sites or distribution methods if you want to get unmodified copies of LibreOffice.
Hi
Lol, true, i think. OpenOffice is a fork of Star Office. Actually i think some people would argue that LibreOffice is the continuation of OpenOffice and that OpenOffice under Oracle and now Apache is the fork. TDF is most of the original OpenOffice.org community from when that was under Sun and so as a community project LibreOffice is arguably the continuation rather than the "new kid on the block".
Either way both projects have at least a decade of experience working under the LGPL type copyleft (rather than copyright) agreements. Creative Commons copyleft agreements for documents, artwork, videos and so on presumably built from the GPL and LGPL.
http://creativecommons.org/
Regards from
Tom
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[...]
Personally i think all those Dvd projects should be hosted on TDF and
LibreOffice servers in addition to other places if possible. While they
aren't, there is an element of suspicion for people that are not
familiar with the personalities involved. Those of us that do know you
have good reason to trust you. My understanding is that the Dvd projects
are there mainly for people to make Dvds in bulk in order to sell or
distribute at events and such rather than being for the general public.
Regards from
[...]
Trust no one but the MD5 sums. I include all of them for every single
file I put on LibO DVDs I distribute. I've also provided the simple
commands needed to do that recursively for a file tree:
http://wiki.documentfoundation.org/User:MagicFab/LibODVD#Files
MD5 sums don't provide ultimate proof the files are OK, but you get the
idea.
They help proving the file I distribute are identical to the files on
the web site, so if/when anyone brings that point up, the discussion is
rather short.
Cheers,
Fabian Rodriguez
http://wiki.documentfoundation.org/User:MagicFab
- --
- --
Fabián Rodríguez
Hi
Fair point.
I think officially we should recommend the official site and the repositories of the various Gnu&Linux distros but as you point out that doesn't mean we need to tarnish the reputation of other sources without knowing more about them.
People should be treated as innocent until proven guilty rather than the other way around. (But of course play it safe even from official places)
Regards from
Tom
Such people are fully justified. Previously, someone made very serious
recommendations about the poor level (i.e. synonymous with the m$
mentality) of security regarding the "service" you are providing: did
you improve the security of your web site???
As for the assumption that web sites should be considered innocent
until proven guilty: utter naive nonsense. Unless you can speak/see
people ear-to-ear/eye-to-eye, only official sources should be used.
By definition, those that want to disregard security are free to
distribute open source software as they want (even charge for it), but
there is no justification for official sources to acknowledge,
support, endorse un-official sources.