Re: Mozilla products in Debian (was: A question for the list:)
On Fri, 05 Nov 2010 07:54:29 -0500, Boyd Stephen Smith Jr. wrote:
> In <[🔎] pan.2010.11.05.08.38.21@gmail.com>, Camaleón wrote:
>>On Fri, 05 Nov 2010 00:30:11 -0500, Boyd Stephen Smith Jr. wrote:
>>> There is a third choice, I guess: Ship firefox / thunderbird in
>>> non-free. Support for non-free is best-effort, which basically means
>>> that if upstream is willing to fix it then the security team /
>>> maintainers will package it. This basically results in Debian
>>> stable's non-free containing software with known security
>>> vulnerabilities that Mozilla is unwilling to fix.
>>
>>How about "volatile"? :-?
>>
>>ClamAV packages are there for that precisely reason (they need to be
>>updated -security fixes- very often).
>
> Firstly, only packages that are already in the official repository are
> included in volatile.
Icedove and Iceweasel are.
> Second, volatile is for packages that need
> frequent, non-security updates to maintain functionality (at least in
> the eyes of some users). (Updating the virus signature database is not
> considered a security update.)
AFAIK, ClamAV packages are fully upgraded (not only for fetching new
signatures but the whole program).
> Thirdly, the policy of no new upstream
> versions after release isn't changed for volatile. (It is changed for
> volatile-sloppy.)
And that is what people wants to be improved :-)
> Finally, updating the Debian package *more often* is
> the opposite of coming into trademark compliance.
You know what other "non-rolling" distros do in this case: stock
versions of the programs remain unchanged and maintained for the time the
distribution is supported but in pararel there are satellite repositories/
forges where users can get upgraded versions of the most used programs
(OOo suite, Mozilla products, etc...). These are not backported apps but
newly builds matching each version.
Greetings,
--
Camaleón
Reply to: