
Re: On Mozilla-* updates



On Sat, Jul 30, 2005 at 03:22:53PM +0200, Floris Bruynooghe wrote:
> This all just seems arguments to put the (new) mozilla browsers into
> the volatile archive.  It definitely is not what I thought of as
> something I'd expect for the stable archive.  If we choose stable we
> do so with a reason and we know what we choose.  If we add volatile
> we also know what we're doing.

ACK.

> The problem is much harder when we can't actually have the backports.
> In my opinion it's *maybe* better to just leave the browsers in
> stable as they are and make an announcement to security-announce@l.d.o
> or so that their security is sub-optimal or non-existing and if they
> want they can use the new packages from volatile.

I would go one step further and remove vulnerable mozilla software
from stable, or put up dummy packages pointing people to volatile in
the security archive. I don't like the idea of shipping vulnerable
software and not taking measures to prevent that software from being
installed on a system with stable+security. We cannot expect our users
to read our announcements.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


