I was a bit intrigued by this tweet:
The contrast between the LibreOffice & Apache Openoffice responses to CVE-2015-1774 speaks volumes about the relative state of the projects
— Simon Phipps (@webmink) abril 26, 2015
So I decided to see how exactly both projects have addressed that security problem.
Apache OpenOffice’s approach?
“Let’s stop bundling the component, and recommend people to fiddle in an unintuitive file system in order to remove it manually from their systems.”
“Let’s actually ship a fix to users, in two release branches at once (4.3.7 and 4.4.2), as soon as possible.”
You don’t have to be a genius to determine which project enjoys the best health. Just sayin’.