* Steve Kemp ([EMAIL PROTECTED]) [050731 20:00]: > On Sun, Jul 31, 2005 at 06:18:18PM +0100, antgel wrote:
> > Any chance of an elaboration? I wasn't privy to any previous discussion > > on this and I'm interested. What's the problem with searching bugzilla > > for security patches on given versions, and applying them? Is it the > > sheer volume? > > http://kitenet.net/~joey/blog/entry/bug_hiding_systems-2005-07-30-06-25.html > > Summery: Even when new fixed packages are available the original > bugs reported in Mozilla's BugZilla system are non public, as are > patches. > > Mozilla *appears* to have no interest in supply patches which > *only* fix security holes to distributors. Their line is more > "upgrade to the newest version". Whilst the new versions do > fix the holes, they traditionally also break things built against > them, such as extensions, galeon, etc. I thought some member of the Debian security team has access to the hidden bug reports. Can't that member extract the relevant patches then? Cheers, Andi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]