[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: On Mozilla-* updates

* Steve Kemp (skx@debian.org) [050731 20:00]:
> On Sun, Jul 31, 2005 at 06:18:18PM +0100, antgel wrote:

> > Any chance of an elaboration?  I wasn't privy to any previous discussion
> > on this and I'm interested.  What's the problem with searching bugzilla
> > for security patches on given versions, and applying them?  Is it the
> > sheer volume?

> 	http://kitenet.net/~joey/blog/entry/bug_hiding_systems-2005-07-30-06-25.html
>   Summery:  Even when new fixed packages are available the original
>  bugs reported in Mozilla's BugZilla system are non public, as are
>  patches.
>   Mozilla *appears* to have no interest in supply patches which 
>  *only* fix security holes to distributors.  Their line is more
>  "upgrade to the newest version".  Whilst the new versions do
>  fix the holes, they traditionally also break things built against
>  them, such as extensions, galeon, etc.

I thought some member of the Debian security team has access to the
hidden bug reports. Can't that member extract the relevant patches then?


Reply to: