Re: xulrunner 1.9.2 into sid?
On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote:
> On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote:
> > Mozilla actively makes it hard to stay up to date
> > (by providing as little information as possible in their advisories);
> > webkit (for the most part except for Apple announcements) makes it
> > easy. This means security fixes are going to happen a lot faster since
> > there is a lot less downtime waiting for patches to by disclosed.
> Actually, that's not true. It's pretty easy to track the security
> related changes in mercurial now (that was indeed a problem when mozilla
> was still using CVS), and security bugs are as documented as Webkit's.
> The only difference, for now, is that we have access to the Webkit bugs
> while we (still) don't have access to the Mozilla ones. But that should
> happen some day.
> IOW, your point is void ;)
OK, point taken (I don't have any perspective on mozilla's inner
workings, so I didn't know this). However, do you want to continue
suffering with the workload required to support the mozilla packages?
The core problem I see is that there are two very vulnerable codebases
currently planned to be supported, and manpower could be roughly halved
if the codebases were reduced to one.