Re: On Mozilla-* updates
Matt Zimmerman wrote:
> On Tue, Aug 02, 2005 at 02:29:51PM +0200, Moritz Muehlenhoff wrote:
>
>
>>If the isolated patches were pulled from Mozilla Bugzilla by Matt Zimmerman
>>(who appears to be Debian's Mozilla security delegate) and published as part
>>of a DSA this would point to the core of each vulnerability and make exploit
>>creation easier than reconstructing this information from the large interdiffs
>>between their stable releases. This tends towards security through obscurity,
>>but seems to be Mozilla's policy for bugs with their internal "Critical"
>>severity.
>
>
> Getting access to the patches is not a significant obstacle;
That is news to me. From other posts in the thread, one would think
otherwise.
> the issue is
> that they often don't apply to versions which are a few months old.
Not automatically, but perhaps if we had a dedicated team of a few
people who can code, we could manually mould them to the version in
stable? I am willing to help out. Mozilla is a killer app and we
should pull out all the stops to keep it in Debian. Where there's a
will, there's a way etc.
Antony