
Re: On Mozilla-* updates


On Sunday, 31 July 2005 14:51, David Ehle wrote:
> > Despite the fact that the release is probably unable to match the
> > mozilla release cycles - do you really think mozilla is the one and only
> > package debian is all about? Well, I mean the killer application, the
> > thing that justifies Debian?

> For my end users, who have been switched from Windows and Outlook? Yes.
> Mozilla IS the Killer App that justifies Debian on their desktop.

Mozilla can be run on nearly every OS running on modern workstations.
I don't see why running mozilla is the primary purpose of debian.

Even if so, mozilla can be added to debian, and if done so, the security 
standard of each installation will drastically improve if you update mozilla 
on your own.

> Kicking mozilla out is just not an option.
> Having insecure apps in stable is also not an option.

So - this is quite contradictory, isn't it?
Mozilla, as provided in debian, is not secure and, as provided in upstream, 
clashes hard with the debian way of patching and releasing security updates.

History shows that mozilla - as long as mozilla.org continues their patch 
policy - won't be able to provide patches as needed by the debian developers.
Therefore debian will be unable to ship secure mozilla packages.

> I like the moral/social parts of debian as much as the next guy, but
> as an admin responsible for the security of my systems, security.debian.org
> is the biggest draw of debian stable. Knowing that I can depend on stable
> to stay stable AND secure is what makes it our OS and distribution of
> choice.  

If you've been following this list, and if you've been following 
debian-sec-ann for some months, it must have come to your mind that debian 
is not able to provide security in certain areas, like mozilla.

> Otherwise I might as well go run Suse or Fedora, or do static 
> Knoppix installs; each has one OR the other.

I don't see why Fedora is more insecure than debian right now.
Furthermore, if you plan to use linux workstations in a production 
environment, you should consider using Red Hat Enterprise Linux as well. 

Keep smiling
