
Re: xulrunner 1.9.2 into sid?



On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote:
> On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote:
> > Mozilla actively makes it hard to stay up to date
> > (by providing as little information as possible in their advisories);
> > webkit (for the most part except for Apple announcements) makes it
> > easy.  This means security fixes are going to happen a lot faster since
> > there is a lot less downtime waiting for patches to be disclosed.
> 
> Actually, that's not true. It's pretty easy to track the security
> related changes in mercurial now (that was indeed a problem when mozilla
> was still using CVS), and security bugs are as documented as Webkit's.
> The only difference, for now, is that we have access to the Webkit bugs
> while we (still) don't have access to the Mozilla ones. But that should
> happen some day.
> 
> IOW, your point is void ;)

OK, point taken (I don't have any perspective on mozilla's inner
workings, so I didn't know this). However, do you want to continue
suffering with the workload required to support the mozilla packages?
The core problem I see is that there are two very vulnerable codebases
currently planned to be supported, and manpower could be roughly halved
if the codebases were reduced to one.

Best wishes,
Mike

