Re: On Mozilla-* updates
On Sun, Jul 31, 2005 at 06:18:18PM +0100, antgel wrote:
> Any chance of an elaboration? I wasn't privy to any previous discussion
> on this and I'm interested. What's the problem with searching bugzilla
> for security patches on given versions, and applying them? Is it the
> sheer volume?
http://kitenet.net/~joey/blog/entry/bug_hiding_systems-2005-07-30-06-25.html
Summery: Even when new fixed packages are available the original
bugs reported in Mozilla's BugZilla system are non public, as are
patches.
Mozilla *appears* to have no interest in supply patches which
*only* fix security holes to distributors. Their line is more
"upgrade to the newest version". Whilst the new versions do
fix the holes, they traditionally also break things built against
them, such as extensions, galeon, etc.
Which is why we're seeing the problem now.
Steve
--
Reply to: