Re: On Mozilla-* updates

To: debian-security@lists.debian.org
Cc: debian-security@lists.debian.org
Subject: Re: On Mozilla-* updates
From: Jeff <debian0309@aquabolt.com>
Date: Tue, 02 Aug 2005 11:31:26 +0100
Message-id: <[🔎] 20050802103118.EAB7D2E47C@murphy.debian.org>
In-reply-to: <20050729164338.GB1029@finlandia.infodrom.north.de>
References: <20050729164338.GB1029@finlandia.infodrom.north.de>


it seems that less than two months after the release of sarge it is
not possible to support Mozilla, Thunderbird, Firefox (and probably
Galeon) packages anymore.  (in terms of fixing security related
problems)

Unfortunately the Mozilla Foundation does not provide dedicated and
clean patches for security updates but only releases new versions that
fix tons of security related problems and other stuff that is or may
be irrelevant for security updates.  As a result, it is extremely
difficult to get security patches extracted and backported.  This is
an utter disaster for security teams and distributions that try to
support their releases.


Joey,

Working from the following assumptions:
* it possible to include Mozilla in Debian stable,
* extracting security patches from upstream is not practical,

and ignoring the interesting, but extraneous threads,

What exactly breaks if the update to v1.06 is applied, as upstreamrecommends?

I realise you are seeking a general solution. I believe that we needcase specific information. This will enable us to evaluate any proposedgeneral solutions, with the illumination of real facts.


Regards
Jeff

Reply to:

Follow-Ups:
- Re: On Mozilla-* updates
  - From: Jeff <debian0309@aquabolt.com>

Prev by Date: Re: Importance of browser security
Next by Date: Re: On Mozilla-* updates
Previous by thread: Re: On Mozilla-* updates
Next by thread: Re: On Mozilla-* updates
Index(es):
- Date
- Thread