[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

On Mozilla-* updates


it seems that less than two months after the release of sarge it is
not possible to support Mozilla, Thunderbird, Firefox (and probably
Galeon) packages anymore.  (in terms of fixing security related

Unfortunately the Mozilla Foundation does not provide dedicated and
clean patches for security updates but only releases new versions that
fix tons of security related problems and other stuff that is or may
be irrelevant for security updates.  As a result, it is extremely
difficult to get security patches extracted and backported.  This is
an utter disaster for security teams and distributions that try to
support their releases.

We have tried to prepare updated packages, but they may cause problems
as has been the case for a Debian fork.  Eventually they've given up
and released the new upstream version as security update.  *sigh*

Using new upstream versions are bound to cause new problems.  Maybe
not at the moment with only going from 1.0.4 to 1.0.6 but more
probably they will do later.

Sooner or later they will change the behaviour of the program (so uses
will be confused), change the API (so plugins, language files etc
won't work anymore), alter the dependencies (so the packages will be
slurp in new packages or cannot be built on stable at all).

I guess in the long term we're on a lost track and it seems this
situation has already started.

For these packages, help and/or advice is appreciated.



It's time to close the windows.

Please always Cc to me when replying to me on the lists.

Reply to: