Re: Updating scanners and filters in Debian stable (3.1)
On Thu, Sep 16, 2004 at 10:56:19AM +0200, Josselin Mouette wrote:
>
> > > For example, will you accept new Mozilla upstreams? We have been
> > > shipping woody for a long time with mozilla packages containing known
> > > security holes, maybe we don't want this for sarge.
> >
> > No. Mozilla interferes with other programs that would have to be updated
> > as well and require even more packages and more updates, it's a whole new
> > can of worms.
>
> Just as the kernel is. Will you stop providing updates for the kernel
> packages because of the same reason?
>
> IMHO, this is insane. It means we have absolutely zero support for
> security updates on e.g. mozilla or OOo. This is a great disservice to
> our users.

The root of all evils is the fact that a few programs have development
cycles and/or architectures which do not allow backporting security fixes
without huge efforts.

Surely this is not true for the kernel, but probably it's not the same
for mozilla. Many antiviruses, IDSes or anti-spam systems require
wide changes in the engine to be effective over a long period, and that gives
the same results: major upgrades are required, because upstreams cannot
or wouldn't support old versions forever.

Of course the true final solution for Debian is increasing release cycles
to mitigate this problem. Always the same old question...
--
Francesco P. Lovergine