On Thu, 23 Jun 2011, Luc Menut wrote: > Le 23/06/2011 07:58, Dexter Morgan a écrit : >> On Thu, Jun 23, 2011 at 7:29 AM, Thierry Vignaud >> <thierry.vign...@gmail.com> wrote: >>> On 22 June 2011 19:41, Florian Hubold<doktor5...@arcor.de> wrote: >>>>> Well, it's quite possible that we have to include that in Mageia 1 as >>>>> well, as this will be security update for Firefox 4. If we don't want to >>>>> patch every CVE then we have to include it into Mageia 1 as well.. >>>>> >>>>> > ... >> >> But i think sec team need to speak of FF5 first because i think this >> will be a candidate for updates regarding new firefox upstream policy >> > > Yes, I think Firefox 5 should be an updates. > Firefox 5 is a security update for Firefox 4 and 4.0.1. There will be no > Firefox 4.0.2.
Yes, as patch to fix security are not provided for firefox 4, and not easy to backport, it needs to be updated to version 5. It is listed as an exception on the updates policy page : http://mageia.org/wiki/doku.php?id=updates_policy
