[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mozilla products in Debian (was: A question for the list:)

On Fri, 05 Nov 2010 09:10:44 -0500, Boyd Stephen Smith Jr. wrote:

> On Friday 05 November 2010 08:13:41 Camaleón wrote:

>> > Thirdly, the policy of no new upstream versions after release isn't
>> > changed for volatile.  (It is changed for volatile-sloppy.)
>> And that is what people wants to be improved :-)
> No.  That's NOT what those who know and love Debian stable want.  The
> lack of upstream changes is one of the main reasons I use stable on
> servers.

What happens with Mozilla packages (more exactly with Firefox/Iceweasel) 
is that upstream version correct security flaws, meaning that right now, 
Debian's lenny stock version of Iceweasel is vulnerable to lots of holes 
because Mozilla does not provide support nor pacthes for 3.0.x branch.

Leaving your users base with a vulnerable browser is not very sane.

I see only one reason to force the upgrade of a stock package with a 
newer version and is precisely the lack of support (nor patches) from 
upstream packager.

Hopefully there is "backports" holding these packages, but for Mozilla 
products (which are included in the regular repo) should not be needed -
to be backported- at all: lenny users should have received 3.5 release by 
means of the security repo.



Reply to: