<[email protected]> writes: > Currently, the last version of IceCat is 60.3.0 while the last version > of Firefox ESR is 60.6.1. Doesn't that make IceCat exposed to security > vulnerabilities > (https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/) > already fixed on Firefox?
You're right, and I agree that it's a very serious problem. In GNU Guix <https://gnu.org/s/guix> we keep our IceCat package up-to-date by promptly running the 'makeicecat' script on the latest Firefox ESR release whenever Mozilla issues security updates. We had to abandon use of the IceCat-provided source tarballs for the reason you mention. You could use the IceCat from Guix, or you could run the 'makeicecat' script yourself to produce an up-to-date IceCat source tarball from the corresponding Firefox ESR source tarball. You can find 'makeicecat' in the Gnuzilla git repository, here: http://git.savannah.gnu.org/cgit/gnuzilla.git I'm sorry that I don't have a better answer for you. > Is there any reason why IceCat is skipping updates? It's due to lack of developer resources. Mark -- http://gnuzilla.gnu.org
