On 2-Oct-06, at 1:39 PM, Mike Hommey wrote:
Backporting security fixes from newer releases is not really "extra"
in my mind. It'd be fixing stuff that isn't fixed elsewhere without
discussing it with us.
The argument for fixing upstream is that by taking a fix for a bug
that's unpatched upstream, you will call attention to that potential
exploit, and thus put non-Debian users at risk.
Are you suggesting we don't patch the branches you don't support any
more ?
Not sure why you got that impression. I think it'd be better,
assuming anyone aside from Debian still cares about 1.0.x, to patch
mozilla.org CVS and share the goodness. But that's going offtopic,
and I've fallen into that trap too much in this thread.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
