Re: xulrunner 1.9.2 into sid?
On Tue, Jun 29, 2010 at 11:35:28AM -0400, Michael Gilbert wrote:
> On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote:
> > On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote:
> > > Mozilla actively makes it hard to stay up to date
> > > (by providing as little information as possible in their advisories);
> > > webkit (for the most part except for Apple announcements) makes it
> > > easy. This means security fixes are going to happen a lot faster since
> > > there is a lot less downtime waiting for patches to by disclosed.
> > Actually, that's not true. It's pretty easy to track the security
> > related changes in mercurial now (that was indeed a problem when mozilla
> > was still using CVS), and security bugs are as documented as Webkit's.
> > The only difference, for now, is that we have access to the Webkit bugs
> > while we (still) don't have access to the Mozilla ones. But that should
> > happen some day.
> > IOW, your point is void ;)
> OK, point taken (I don't have any perspective on mozilla's inner
> workings, so I didn't know this). However, do you want to continue
> suffering with the workload required to support the mozilla packages?
> The core problem I see is that there are two very vulnerable codebases
> currently planned to be supported, and manpower could be roughly halved
> if the codebases were reduced to one.
The point in releasing squeeze with 3.5/1.9.1 is precisely to only have
to support one codebase for all mozilla based software in debian...