Re: mozilla - the forgotten package?
Am Dienstag, 9. März 2004 17:20 schrieb Steve Kemp:
> On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan L??hr wrote:
> > over the last months, various security related bugs in mozilla appeared
> > and were fixed in new versions of mozilla - but what about the debian
> > package? Are there any efforts for making mozilla secure or to backport
> > the mozilla patches to debian?
> > Due to depency with galeon new mozilla versions cannot be intergrated
> > easily, but right now, the debian mozilla contains some seriuos security
> > related bugs.
> > So is mozilla the forgotten package? Considering how popular mozilla is,
> > making it secure would be worth the effort - imho.
> I think it's a case of time and energy. I started updating the
> current woody packages to handle some of the reports, after mdz
> pointed me to a list.
> However it was very timeconsuming and very shortly after I started I
> stopped having to support graphical stable boxes; so it became a non
> issue for me.
> There are patches around for some (most?) of the holes, it just takes
> somebody with the patience to apply them and build fixed versions to
> share - then I'm sure we'd see a new stable release.
So this is all in all a capacity problem? Doesn't have the debian security
team enough ressource to port exisiting patches to debian packages?
Why not enlarging the team?