Re: mozilla - the forgotten package?

[Jan Lühr <jluehr@gmx.net>]

Greetings,

Am Dienstag, 9. März 2004 17:20 schrieb Steve Kemp:
> On Tue, Mar 09, 2004 at 05:15:42PM +0100, Jan L??hr wrote:
> > over the last months, various security related bugs in mozilla appeared
> > and were fixed in new versions of mozilla - but what about the debian
> > package? Are there any efforts for making mozilla secure or to backport
> > the mozilla patches to debian?
> >
> > Due to depency with galeon new mozilla versions cannot be intergrated
> > easily, but right now, the debian mozilla contains some seriuos security
> > related bugs.
> >
> > So is mozilla the forgotten package? Considering how popular mozilla is,
> > making it secure would be worth the effort - imho.
>
>   I think it's a case of time and energy.  I started updating the
>  current woody packages to handle some of the reports, after mdz
>  pointed me to a list.
>
>   However it was very timeconsuming and very shortly after I started I
>  stopped having to support graphical stable boxes; so it became a non
>  issue for me.
>
>   There are patches around for some (most?) of the holes, it just takes
>  somebody with the patience to apply them and build fixed versions to
>  share - then I'm sure we'd see a new stable release.

So this is all in all a capacity problem? Doesn't have the debian security 
team enough ressource to port exisiting patches to debian packages?
Why not enlarging the team?

Keep smiling
yanosz