Re: On Mozilla-* updates

To: debian-security@lists.debian.org
Subject: Re: On Mozilla-* updates
From: antgel <antony@antgel.co.uk>
Date: Sat, 30 Jul 2005 14:35:10 +0100
Message-id: <[🔎] 42eb820e$0$29974$db0fefd9@news.zen.co.uk>
In-reply-to: <4vGdE-5mH-1@gated-at.bofh.it>
References: <[🔎] 20050729164338.GB1029@finlandia.infodrom.north.de>

Martin Schulze wrote:
> Moin,
> 
> it seems that less than two months after the release of sarge it is
> not possible to support Mozilla, Thunderbird, Firefox (and probably
> Galeon) packages anymore.  (in terms of fixing security related
> problems)
> 
> Unfortunately the Mozilla Foundation does not provide dedicated and
> clean patches for security updates but only releases new versions that
> fix tons of security related problems and other stuff that is or may
> be irrelevant for security updates.  As a result, it is extremely
> difficult to get security patches extracted and backported.  This is
> an utter disaster for security teams and distributions that try to
> support their releases.

Is it really so difficult to backport the security fixes?  Does anybody
know the average number of security fixes between minor versions?  (e.g.
1.0.4 to 1.0.5)?

Reply to:

Follow-Ups:
- Re: On Mozilla-* updates
  - From: Michael Stone <mstone@debian.org>

References:
- On Mozilla-* updates
  - From: Martin Schulze <joey@infodrom.org>

Prev by Date: Re: On Mozilla-* updates
Next by Date: Re: On Mozilla-* updates
Previous by thread: Re: On Mozilla-* updates
Next by thread: Re: On Mozilla-* updates
Index(es):
- Date
- Thread