As for your straw man about security bugs, what security bugs would you be fixing with your own patches? If there are security bugs, they should be fixed upstream, not in your own tree. We've had this discussion repeatedly in the context of the security group, and we expect that branded builds of x.y.z from <insert distro here> will be the source tarball/cvs tag for x.y.z plus the set of approved patches. We do not want to get into the fools' game of cherry-picking patches, or individual distros deciding that Patch A isn't "security-oriented" enough.
What happens when MozCo drops support for Firefox 1.5 but Debian (or another distro) is still obligated to provide support, as has happened with Firefox 1.0 and Mozilla Suite 1.7 in sarge? I admit this question is largely academic as it appears Debian will be forced to ship mozilla/browser under a different name.
James Andrewartha -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
