
Re: On Mozilla-* updates



Matt Zimmerman wrote:
> On Tue, Aug 02, 2005 at 02:29:51PM +0200, Moritz Muehlenhoff wrote:
> 
> 
>>If the isolated patches were pulled from Mozilla Bugzilla by Matt Zimmerman
>>(who appears to be Debian's Mozilla security delegate) and published as part
>>of a DSA this would point to the core of each vulnerability and make exploit
>>creation easier than reconstructing this information from the large interdiffs
>>between their stable releases. This tends towards security through obscurity,
>>but seems to be Mozilla's policy for bugs with their internal "Critical"
>>severity.
> 
> 
> Getting access to the patches is not a significant obstacle; 

That is news to me.  From other posts in the thread, one would think
otherwise.

> the issue is
> that they often don't apply to versions which are a few months old.

Not automatically, but perhaps if we had a dedicated team of a few
people who can code, we could manually mould them to the version in
stable?  I am willing to help out.  Mozilla is a killer app and we
should pull out all the stops to keep it in Debian.  Where there's a
will, there's a way etc.

Antony


