[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On Mozilla-* updates

On Sat, Jul 30, 2005 at 03:22:53PM +0200, Floris Bruynooghe wrote:
> This all just seem arguments to put the (new) mozilla browsers into
> the volatile archive.  It definately is not what I thought of as
> something I'd expect for the stable archive.  If we choose stable we
> do so with a reason and we know what we choose.  If we add volatile
> we also know what we're doing.


> The problem is much harder when we can't actually have the backports.
> In my opinion it's *maybe* better to just leave the browsers in
> stable as they are and make an announcement to security-announce@l.d.o
> or so that their security is sub-optimal or non-existing and if they
> want they can use the new packages from volatile.

I would go one step further and remove vulnerable mozilla software
from stable, or put up dummy packages pointing people to volatile in
the security archive. I don't like the idea of shipping vulnerable
software and not taking measures to prevent that software from being
installed on a system with stable+security. We cannot expect our users
to read our announcements.


Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

Reply to: