[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On Mozilla-* updates

Martin Schulze wrote:
> Moin,
> it seems that less than two months after the release of sarge it is
> not possible to support Mozilla, Thunderbird, Firefox (and probably
> Galeon) packages anymore.  (in terms of fixing security related
> problems)
> Unfortunately the Mozilla Foundation does not provide dedicated and
> clean patches for security updates but only releases new versions that
> fix tons of security related problems and other stuff that is or may
> be irrelevant for security updates.  As a result, it is extremely
> difficult to get security patches extracted and backported.  This is
> an utter disaster for security teams and distributions that try to
> support their releases.

Is it really so difficult to backport the security fixes?  Does anybody
know the average number of security fixes between minor versions?  (e.g.
1.0.4 to 1.0.5)?

Reply to: