[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mozilla products in Debian (was: A question for the list:)



In <pan.2010.11.05.08.38.21@gmail.com>, Camaleón wrote:
>On Fri, 05 Nov 2010 00:30:11 -0500, Boyd Stephen Smith Jr. wrote:
>> There is a third choice, I guess: Ship firefox / thunderbird in
>> non-free. Support for non-free is best-effort, which basically means
>> that if upstream is willing to fix it then the security team /
>> maintainers will package it.  This basically results in Debian stable's
>> non-free containing software with known security vulnerabilities that
>> Mozilla is unwilling to fix.
>
>How about "volatile"? :-?
>
>ClamAV packages are there for that precisely reason (they need to be
>updated -security fixes- very often).

Firstly, only packages that are already in the official repository are 
included in volatile.  Second, volatile is for packages that need frequent, 
non-security updates to maintain functionality (at least in the eyes of some 
users).  (Updating the virus signature database is not considered a security 
update.)  Thirdly, the policy of no new upstream versions after release isn't 
changed for volatile.  (It is changed for volatile-sloppy.)  Finally, updating 
the Debian package *more often* is the opposite of coming into trademark 
compliance.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: