[yjftsjthsd-h]

The allegation upthread (https://news.ycombinator.com/item?id=37646366) was that security fixes are so slow to come out that it is more or less irrelevant that they eventually get released. While OO release notes do list security issues that are fixed in that release, I can't seem to find info about when each was found/reported so it's hard for me to tell whether that particular example was unusually long or not; if you have evidence that the process has improved that would be useful to know.

> We do wish to know about security problems. We are an all volunteer project. AFAIK No one is paid anything to work on Apache OpenOffice

That makes it understandable that people can't commit to working on it, but isn't exactly a counterargument to "the project doesn't patch quickly". Like, it's not a personal attack, it's a breakdown of risk factors, in which case nobody getting paid to care is another argument that the product won't fix vulnerabilities quickly.