Re: Fwd: Porting Iceweasel 10.0.8 ESR to the Stable Backports.
On 31/10/12 07:59 PM, daniel curtis wrote:
> According to your opinion, a better solution is to use the Debian Mozilla
> Team archive instead of squeeze-backports where users must waiting
> a /little/ longer for a security update?
I'm confused. Longer than what? The current situation, for backports.d.o
mozilla users, is that they'll *never* get a new version, as per the FAQ.
> You also wrote, that updated
> version
> of Iceweasel 10.0.10 is on mozilla.debian.net
> <http://mozilla.debian.net> since Oct 26. This means,
> that backports users are using vulnerable Iceweasel for almost 5 days,
> right?
> It seems impossible and ... ?
See the FAQ quote below. As you can see, even with backports.d.o, there
is no guarantee as to how long it will take, as it is on a "best effort
basis" only, so getting the packages from mozilla.debian.net can't be
any worse (especially as it's going to be the same people doing the work
that would've otherwise prepared packages for backports.d.o).
Q: Is there security support for packages from backports.debian.org?
A: Unfortunately not. This is done on a best effort basis by the people
who track the package, usually the ones who originally did upload the
package into backports. When security related bugs are fixed in Debian
unstable the backporter is permitted to upload the package from directly
there instead of having to wait until the fix hits testing. You can see
the open issues for squeeze-backports in the security tracker (though
there may be false positives too, the version compare isn't perfect yet).
Ben
Reply to: