Re: Mozilla "PostScript/default" security problems
On Fri, Jul 09, 2004 at 11:48:26AM -0400, Greg Folkert wrote:
> On Fri, 2004-07-09 at 02:29, Ralph Aichinger wrote:
> > In-reply-to: <email@example.com>
> > References: <firstname.lastname@example.org>
(Ralph, please fix your mail headers)
> > Greg Folkert wrote:
> > > A non-working Epiphany browser or non-working Galeon Browser. All I
> > can
> > > say, if you don't know to fix it in Sid, you should be using Stable.
> > As several threads on debian-user and debian-gtk-gnome point out,
> > the only way to fix this in sid is by recompiling the package.
> Er-kay. I see, umm, well EXACTLY MY POINT.
And that point is EXACTLY MOOT.
We DONT want people having to recompile mozilla just in order to be able
to print from their GNOME browser.
This is about printing support for the default GNOME browser. People
like you can do whatever geeky thing they please with their mozilla
setup, but, dude, we are trying to get a as-good-as-possible release out
of the door, including a kick-ass GNOME desktop. The Debian GNOME team
has worked very hard to have the end-user experience as enjoyable as
possible and make everything just work[tm]. Having to recompile mozilla
doesn't fit in the picture, see?
> > Hopefully Sarge will be released by Autumn. It does not look like
> > there will be a solution by then, at least for Epiphany (no Idea
> > about Galeon, don't use it). So this "don't use sid" is a non-argument.
> > Epiphany won't get a XPrint backend until Sarge is released unless
> > it somehow magically appears. As recompiling is not an option and
> > a browser without printing is considered broken, Ephy will be
> > possibly dropped from Sarge.
> If it has to be that way, then it does. Many packages I want to use are
> either orphaned or up for adoption. the WNPP list is getting insane.
Again. This is about the default GNOME browser. There is no option but
to make it work. Already now, half the GNOME community is laughing about
us and the hand-waiving we did to cripple epiphany downstream.
> > Also while I am not strictly against recompiling stuff, this does not
> > scale. What if OpenOffice compiles out stuff next, that can only
> > be fixed by rebuilding stuff? If I thought recompiling large packages
> > was so much fun, I would probably be using Gentoo.
> This I will agree. But, then why use Sid?
This is NOT about Sid, did you get this already? This is about releasing
> I can not tell enough people, enough times, that using Sid for daily
> production work can be and at sometimes is extremely painful. If you do
> not know how to workaround/fix these issues... USE STABLE.
If you don't understand that we try to make things easy for our users
(limited to the GNOME and/or KDE environments. As I said, you can do as
you please with all those other funky apps), please go elsewhere.
> > Add to this the compatibility problems some people have with
> > the XPrint backend (inferior graphics output, complicated
> > resolution settings, cut-off page borders on some printers)
> > even if they do not use Epiphany or Galeon, but Mozilla or
> > Firefox.
> Well now that is just silly beyond compare. I have not had any real
> difficulty making XPrint work as acceptably as any other printing
Yeah, but you're a "System analyst", while we have 1000 people in
Extremadura who have never seen a computer using Debian. If you agree to
drop by everybody and explain them how to setup XPrint that's fine of
> There is another thread is debian-security right now that has disclosed
> the threat and the web-site that offers the advisory.
That's more about PostScript attachments AFAICT. I still haven't seen a
convincing motive for dropping the PS printing support