
Re: On Mozilla-* updates



* Geoff Crompton:

>> 
>> For these packages, help and/or advice is appreciated.
>> 
>
> Can we try to get a DD involved in the Mozilla security team? Presumably
> when they become aware of a security issue, there is some discussion
> about the problem and how to fix it. Access at this level may make it
> possible to identify in the code where the problems are.

Maybe the Mozilla Foundation doesn't *want* isolated patches to be
published because they make it easier to understand the bug and write
exploits?  Do we know for sure that they don't publish separate
patches because of lack of time or interest?

(This is not as crazy as it sounds.  Microsoft pushes out additional
code changes along with security updates to make the task for BinDiff
harder.)


