Re: On Mozilla-* updates
Thomas Bushnell BSG wrote:
> Alexander Sack <asac@debian.org> writes:
>
>
>>Matt Zimmerman wrote:
>>
>>>I'm guessing that you're not going to volunteer on the manpower side, and I
>>>don't think that it would be a good way to spend resources even if we had
>>>them. You're welcome to attempt to convince the Mozilla project to change
>>>the way that they work for the benefit of distribution security teams.
>>
>>How should mozilla change the way they work?
>
>
> It would be very nice if Mozilla would publish to distributions like
> ours a description of the security problem, and then a separate patch
> for that specific problem.
>
>
Yes, but let's not discuss what would be nice, but what would be sufficient in
order to allow fixes for ffox/tbird and friends to go in.
Would it be sufficient to have a distinct patchset for each mfsa prepared? Or do
we need more? Do we need more detailed or other descriptions of the problems
than published by mozilla [1]?
[1] - http://www.mozilla.org/projects/security/known-vulnerabilities.html
--
GPG messages preferred. | .''`. ** Debian GNU/Linux **
Alexander Sack | : :' : The universal
asac@debian.org | `. `' Operating System
http://www.asoftsite.org | `- http://www.debian.org/
Reply to: