Apache OpenOffice (AOO) Bugzilla – Issue 50169
respect "Trusted sources" at all security levels
Last modified: 2006-08-16 12:49:05 UTC
Currently, you can configure different security levels in "Tools|Options|Security|Macro Security", affecting which documents from which sources are allowed to run embedded macros. Ignoring signed documents for the moment, there are three levels: - only execute macros from trusted sources - manually confirm macros embedded in documents - execute all macros Additionally, there's a list of trusted sources (e.g. file locations) which can be configured by the user. Unfortunately, this list is only respected at the highest security level. This means that it's not possible to - execute macros from trusted sources without confirmation AND confirm all other macros I claim that users often have specific file locations where they collect trusted documents (for example: ~/documents/specifications), which they want to execute without being asked, but still want to have the possibility to execute macros in other documents with confirmation. This is not possible anymore today. It was possible in OpenOffice.org 1.x, and got lost with the re-design of the security concept. Thus I suggest to respect the "Trusted sources" list on all security levels, not only on the highest.
Funny. It seems the behaviour changed, so that now (as of 680m181), "Trusted sources" is in fact respected for all security levels. In 2.0, this was not the case. In 2.0.1, it is. Issue 44521 claims that it always worked as requested, but was described wrongly. However, trying it in 2.0 reveals that it did *not* work as requested here. Anyway, all is fine now ...
closing