Apache OpenOffice (AOO) Bugzilla – Issue 126703
Upgrade to Preferred Windows Installer Technique
Last modified: 2017-02-12 17:58:49 UTC
This security-related message addresses important steps to be taken in providing reliable installers on Windows, http://seclists.org/fulldisclosure/2015/Nov/101 There are three aspects that apply to Apache OpenOffice 1. Switching from an .exe installer to an .msi installer. (This would eliminate the strange behavior of unpacking a setup folder onto desktops and leaving it there.) 2. Having the .msi installer and all executable components digitally-signed with embedded signatures recognized by Windows. 3. Having registry entries and run-time loading for libraries and components follow safe practices to prevent interception leading to operation of malicious code. There are other matters with regard to safe practices that apply to the platform and that do not extend to Apache OpenOffice installation. The above three matter for demonstrating that the project is careful for the safety of the users of our binary distributions on Windows. This might have some beneficial effect with regard to anti-virus false positives and also discouraging the wrapping of AOO in installers that piggy-back adware/malware and impose subscription/upgrade fees and otherwise pass off as being authentic AOO distributions.