Re: mozilla - the forgotten package?
-----BEGIN PGP SIGNED MESSAGE-----
Am Donnerstag, 11. März 2004 18:24 schrieb Matt Zimmerman:
> On Thu, Mar 11, 2004 at 04:32:30PM +0100, Florian Weimer wrote:
> > There's no obvious solution. If Debian sticks to 1.0 on principle,
> > there's nothing we can do. It's unlikely we'll find a volunteer who
> > backports all those fixes to 1.0. I haven't found any commercial
> > distributor who still supports 1.0, either.
> > If we integrate 1.4 (that is, 1.4.2) into stable, we can take security
> > fixes from upstream and/or other distributors. It might still be a lot
> > of work (I'm going to try it next weekend or so), but it looks like a
> > more manageable task.
> This introduces a whole new set of problems, given Mozilla's upgrade
> history (not preserving user configuration data, breaking compatibility
> with dependent applications, etc.)
So what is you suggestion? Leaving the catastrophy untouched? Imho no mozilla
in debian is even better than a terrible broken mozilla in debian. And hey,
what about the programs depending on mozilla. They are effected as welll,
As a ordinary debian user, I doesn't have much knowlegde about debian at all,
but I agree with Florian Weimer. Something HAS to be done. This not a
question of realase politics or so.
Keeping woody stable by not switching to brand new version of some packages is
one (good) thing, but replacing broken packages is also very important.
Do really want to assure the stability of a security hole?
As user im not in charge with dicisions. But what about a petiotion or a poll?
Are there any guidelines from the current project leader? What about changing
the mozilla version in a democratic way?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
-----END PGP SIGNATURE-----