Matt Zimmerman wrote:
Actually, he did, in the previous posting. Which is admirable, because this is a dauntingly huge task (and he seems semi-aware of it) - in the area of a few hours *per week*, on average. mozilla.org (and before it Netscape) has a full-time staff position just for security (he also does security features, though).I'm guessing that you're not going to volunteer on the manpower side
I don't even know what exactly you do want the Mozilla project to change. You are officially part of the Mozilla security group since some time, so you are the right person to discuss a collaboration, and execute on it. Note that a discussion involves more than 1-2 emails with statements and requests.You're welcome to attempt to convince the Mozilla project to change the way that they work for the benefit of distribution security teams.
BTW: Where are you located physically? Maybe you can meet with mozilla.orgians in person. I think you'll like Daniel Veditz in particular. And Mozilla Foundation needs more of the SPI spirit than the OSAF spirit anyways.
I hope you can understand, though, that the Mozilla project can't maintain whatever version you pick for Debian stable, for *3 years*. 1.7.x already lives since almost a year. But, as I said, that's not the problem right now.
At the moment, I am still waiting for an answer to the question at the end of my first posting, which Alex repeated:
What's preventing you from shipping Moz 1.7.11 and FF 1.0.6 right now?