
Re: Firefox and Sarge



On Tue, Aug 24, 2004 at 11:02:20AM -0700, Matt Zimmerman wrote:
> On Tue, Aug 24, 2004 at 09:52:02AM +0200, Francesco P. Lovergine wrote:
> 
> > The only sane thing to do is removing from stable when major problems came up.
> 
> As has been explained in the past, removing a package from stable is not a
> solution to its security problems.  All of the users of the package are
> simply abandoned, and firefox is an extremely popular package.
> 
> We cannot release software that we are unable to support.

And not releasing an extremely popular package isn't really ideal either.

My understanding of the stable update policy is if a package is really too
hard to backport, it can be argued that a newer version is okay for a
security update. I believe this happened with openssh once upon a time, and
I believe it was also a semi-disaster. But on a case by case basis, maybe a
bit more this needs to happen, rather than being bloody-minded about
backporting security fixes where it's just too much work.

It's a real pineapple, this problem.

regards

Andrew


