Re: On Mozilla-* updates

To: antgel <antony@antgel.co.uk>
Cc: debian-security@lists.debian.org
Subject: Re: On Mozilla-* updates
From: Steve Kemp <skx@debian.org>
Date: Sun, 31 Jul 2005 18:45:01 +0100
Message-id: <[🔎] 20050731174501.GA2758@steve.org.uk>
Reply-to: Steve Kemp <skx@debian.org>
In-reply-to: <[🔎] 42ed07db$0$16001$da0feed9@news.zen.co.uk>
References: <[🔎] 20050729164338.GB1029@finlandia.infodrom.north.de> <[🔎] 42eb820e$0$29974$db0fefd9@news.zen.co.uk> <[🔎] 20050731165828.GV19080@mathom.us> <[🔎] 42ed07db$0$16001$da0feed9@news.zen.co.uk>

On Sun, Jul 31, 2005 at 06:18:18PM +0100, antgel wrote:

> Any chance of an elaboration?  I wasn't privy to any previous discussion
> on this and I'm interested.  What's the problem with searching bugzilla
> for security patches on given versions, and applying them?  Is it the
> sheer volume?

	http://kitenet.net/~joey/blog/entry/bug_hiding_systems-2005-07-30-06-25.html

  Summery:  Even when new fixed packages are available the original
 bugs reported in Mozilla's BugZilla system are non public, as are
 patches.

  Mozilla *appears* to have no interest in supply patches which 
 *only* fix security holes to distributors.  Their line is more
 "upgrade to the newest version".  Whilst the new versions do
 fix the holes, they traditionally also break things built against
 them, such as extensions, galeon, etc.

  Which is why we're seeing the problem now.

Steve
--

Reply to:

Follow-Ups:
- Re: On Mozilla-* updates
  - From: Andreas Barth <aba@not.so.argh.org>

References:
- On Mozilla-* updates
  - From: Martin Schulze <joey@infodrom.org>
- Re: On Mozilla-* updates
  - From: antgel <antony@antgel.co.uk>
- Re: On Mozilla-* updates
  - From: Michael Stone <mstone@debian.org>
- Re: On Mozilla-* updates
  - From: antgel <antony@antgel.co.uk>

Prev by Date: Re: On Mozilla-* updates
Next by Date: Re: On Mozilla-* updates
Previous by thread: Re: On Mozilla-* updates
Next by thread: Re: On Mozilla-* updates
Index(es):
- Date
- Thread