Re: security related bug report - no maintainer reaction for 1 year

To: debian-devel@lists.debian.org
Subject: Re: security related bug report - no maintainer reaction for 1 year
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 28 Jul 2004 00:32:46 -0700
Message-id: <[🔎] 20040728073246.GB4156@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87fz7c98xv.fsf@scabbers.bignachos.com>
References: <[🔎] 20040721112904.GE7179@lst.de> <[🔎] 87u0w1iju8.fsf@papadoc.bayour.com> <[🔎] 87u0vuqsmu.fsf@deneb.enyo.de> <[🔎] 20040727005832.GB3821@alcor.net> <[🔎] 873c3ecgy6.fsf@scabbers.bignachos.com> <[🔎] 20040727071446.GA3589@finlandia.infodrom.north.de> <[🔎] 87y8l59wdi.fsf@scabbers.bignachos.com> <[🔎] 20040727181750.GA3854@alcor.net> <[🔎] 87fz7c98xv.fsf@scabbers.bignachos.com>

On Tue, Jul 27, 2004 at 07:12:12PM -0700, Brian Nelson wrote:

> It would be a Herculean task to go through each bug, verify it applies to
> Woody, backport the patch required to fix it (if it's even possible to
> backport every patch considering how active Mozilla development has been
> the past couple years), and come out with something usable.  I'm certainly
> not about to try it, especially considering how much easier it would be to
> just use the latest Mozilla version instead.

It is easier to make declarations than to do the work required, no matter
what approach is taken.  Security and stability, on the other hand, are not
easy, and together they are harder still.

Have you tried building Mozilla 1.7.1 on woody recently?  I have.

-- 
 - mdz

Reply to:

References:
- security related bug report - no maintainer reaction for 1 year
  - From: Johannes Poehlmann <johannes@lst.de>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Turbo Fredriksson <turbo@debian.org>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Matt Zimmerman <mdz@debian.org>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Brian Nelson <pyro@debian.org>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Martin Schulze <joey@infodrom.org>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Brian Nelson <pyro@debian.org>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Matt Zimmerman <mdz@debian.org>
- Re: security related bug report - no maintainer reaction for 1 year
  - From: Brian Nelson <pyro@debian.org>

Prev by Date: Re: ftp-master support fro Debian pre-versions xx~yy-1 [katie@ftp-master.debian.org: Processing of libpri_1.0~RC1-1_i386.changes]
Next by Date: Re: init scripts and su
Previous by thread: Re: security related bug report - no maintainer reaction for 1 year
Next by thread: Re: security related bug report - no maintainer reaction for 1 year
Index(es):
- Date
- Thread