Re: On Mozilla-* updates

On Wed, Aug 03, 2005 at 12:08:10AM +0200, Ben Bucksch wrote:

> Matt Zimmerman wrote:
> >You're welcome to attempt to convince the Mozilla project to change
> >the way that they work for the benefit of distribution security teams.
> >
> I don't even know what exactly you do want the Mozilla project to 
> change. You have officially been part of the Mozilla security group for
> some time, so you are the right person to discuss a collaboration, and 
> execute on it. Note that a discussion involves more than 1-2 emails with 
> statements and requests.

To organize their development processes such that patches can be backported
with a reasonable amount of effort.  This is the case for most open source
projects, even the kernel, to a much greater extent than Mozilla.

> BTW: Where are you located physically? Maybe you can meet with 
> mozilla.orgians in person. I think you'll like Daniel Veditz in 
> particular. And Mozilla Foundation needs more of the SPI spirit than the 
> OSAF spirit anyways.

I'm in Los Angeles, California, US.

> I hope you can understand, though, that the Mozilla project can't 
> maintain whatever version you pick for Debian stable, for *3 years*. 
> 1.7.x has already been around for almost a year. But, as I said, that's not the 
> problem right now.

No one is asking Mozilla to do the job of distribution security, but the
fact is that large segments of the user community want longer support
cycles, and the developer community is trying to provide them.

> At the moment, I am still waiting for an answer to the question at the 
> end of my first posting, which Alex repeated:
> What's preventing you from shipping Moz 1.7.11 and FF 1.0.6 right now?

Can Mozilla 1.7.11 even be *built* on woody, much less upgrade seamlessly
from Mozilla 1.0.0?

 - mdz

