Re: On Mozilla-* updates
* Steve Kemp (skx@debian.org) [050731 20:00]:
> On Sun, Jul 31, 2005 at 06:18:18PM +0100, antgel wrote:
> > Any chance of an elaboration? I wasn't privy to any previous discussion
> > on this and I'm interested. What's the problem with searching bugzilla
> > for security patches on given versions, and applying them? Is it the
> > sheer volume?
> http://kitenet.net/~joey/blog/entry/bug_hiding_systems-2005-07-30-06-25.html
>
> Summery: Even when new fixed packages are available the original
> bugs reported in Mozilla's BugZilla system are non public, as are
> patches.
>
> Mozilla *appears* to have no interest in supply patches which
> *only* fix security holes to distributors. Their line is more
> "upgrade to the newest version". Whilst the new versions do
> fix the holes, they traditionally also break things built against
> them, such as extensions, galeon, etc.
I thought some member of the Debian security team has access to the
hidden bug reports. Can't that member extract the relevant patches then?
Cheers,
Andi
Reply to: