
Re: Mozilla products in Debian



On Sun, 07 Nov 2010 16:15:10 -0600, Boyd Stephen Smith Jr. wrote:

> On Sunday 07 November 2010 13:21:06 Camaleón wrote:
>> On Sun, 07 Nov 2010 20:40:09 +0200, Andrei Popescu wrote:
>> > On Vi, 05 nov 10, 19:47:58, Rob Owens wrote:
>> >> What I would like (and think they should have done in the case of
>> >> Iceweasel) is issue a security update that is simply a message to
>> >> the admin that stable's version of Iceweasel is now unsupported. 
>> >> The security update should not automatically upgrade Iceweasel to
>> >> the backports version, but it should suggest this to the admin as a
>> >> wise course of action.
>> > 
>> > And this has happened in the past (for Etch as far as I recall, but
>> > you can search the archives). AFAICT iceweasel in lenny is still
>> > supported.
>> 
>> I would like to know at what level.
> 
> At the same level as other packages for which Debian is the de facto
> upstream. Any variance in that would mean a DSA would be issued.

That doesn't say much for the users.

There have been many bugs reported since 3.0 up to the latest 3.6 branch 
so:

- What is the current status of Iceweasel in Lenny?
- Are all the recent bugs of Firefox -that can affect the 3.0 branch-
fixed/backported to Iceweasel 3.0.6?
- Does the 3.0.6 version number follow the upstream numbering?

I ask because the only official note I've read seems to be in the Release 
Notes of Lenny and it's a bit fuzzy (leaves many points in the air).

If the current 3.0.6 is vulnerable to any of the recently discovered 
exploits, it's ok (users have been warned that this could happen), we 
can use backports to upgrade to 3.5.x, but I think it would be more 
appropriate to get an official statement from Debian so users can:

a) Rest assured knowing there is no exploitable flaw in the current 
version (3.0.6).
b) Update to any of the releases available.

Greetings,

-- 
Camaleón

