On Friday, October 21, 2016 at 1:11:16 PM UTC-5, Kyle Huey wrote: > No. These machines should not be on the Internet anymore. If the > operating system vendor is no longer supporting their product with > security releases an out of date TLS stack is a minor problem compared > to the remote code execution that's going to pwn the machine. > > - Kyle
Don't get me wrong, I agree with you completely. In theory, unsupported OS's should be taken off the Internet and hardware that no longer has support of current OS's should be scrapped and replaced. The reality is that this doesn't happen and this thread proves it. If taking older machines off the Internet was really happening, then why would Firefox still be supporting XP SP2 seven years after its last update? My concern is that by killing digital certificate updates and TLS updates, still in use machines whose main purpose is Internet access are essentially bricked. Maybe that is the right thing to do. Maybe killing a machine's access to the Internet is the impetus to update an OS or buy a new machine. My fear is that this happening will cause confusion about what is wrong instead of clarity about the need for an upgrade or replacement even if the machine is still 'functional'. My other fear is that this machine is in use because it is the most affordable option even if that isn't the best option and an upgrade or replacement may not be an immediate option. Killing access to the Internet in that case could cause unintended problems. Also, it's not like Vista is going away cleanly no matter how small its user base. The other day my mom received a Haband catalog and they were selling a Vista laptop with a 60+ game pack for $200.00 that I believe it was similar to the one listed here (http://haband.blair.com/p/for-the-home/electronics/laptops-tablets-e-readers/dell-32-ghz-duo-core-family-laptop/pc/3641/c/3647/sc/4765/110875.uts). I told my mom it wasn't a good deal. I like the fact that Mozilla extends support to older, outdated, and unpopular machines. I also agree that dropping XP and Vista onto ESR 52 is a good solution to deal with two OS's that are either, in XP's case, too old to properly support or, in Vista's case, lack the tooling support that Windows 7 and above have access to. I just think that with encryption being a major part of the Internet now days both XP and Vista on ESR 52 and probably OS X 10.6-10.8 on ESR 45 need at the very least a little longer guaranteed access to digital certificates for TLS. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
