Re: Switching to mozilla ESR in stable-security

To: debian-devel@lists.debian.org
Subject: Re: Switching to mozilla ESR in stable-security
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sun, 2 Jun 2013 10:58:44 +0200
Message-id: <[🔎] slrnkqm2a4.4u1.jmm@inutil.org>
References: <20130529185021.GA9742@jtriplet-mobl1> <1369924284.5345.7.camel@fermat.scientia.net>

Christoph Anton Mitterer <calestyo@scientia.net> schrieb:
>
> --=-dGSWlplfgLb+HUgDia6J
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
>
> Hi Moritz.
>
> Moritz Muehlenhoff wrote:
>> In the future the majority of packages should thus rather be installed
>> through http://addons.mozilla.org instead of Debian packages.
> Form a security POV, I think this is really quite dangerous... actually
> tendency should go towards the direction that users install plugins
> addons only via the package management system.
>
> These plug-in systems which come with their own "package/installation
> management" are IMHO also quite bad from a philosophical POV... I mean
> they try to replace the traditional package management system, which is
> there and superior for very good reasons.
>
> Of course this doesn't mean that I wouldn't see the problem you face
> with keeping that stuff running and security supported.

In think in the future providing the xul extensions through the Debian
Developer repositories provided by the FTP masters would be the most
elegant way: There's a one month overlap between ESR and ESR++, so there's
sufficient time to prepare/test extensions before the ESR++ hits users.

However, we don't currently have these repositories, so addons.mozilla.org
is the best we have for now.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: Feedback on Debian 7.0
Next by Date: Re: Switching to mozilla ESR in stable-security
Previous by thread: Re: Switching to mozilla ESR in stable-security
Next by thread: Re: Switching to mozilla ESR in stable-security
Index(es):
- Date
- Thread