> On Tue, Aug 27, 2013 at 07:35:06PM +0100, Kevin Chadwick wrote: > > > Hi, > > > > > > next round of betas for gecko 24, those one are targeted for release in > > > mid-september. > > > > Thanks Landry, > > > > After using the 23 beta and about a week later 24 being released I > > tried but gave up trying to find out if the beta was vulnerable to the > > exploits fixed in 24 and so just rebuilt. I just wonder if you have any > > I have absolutely no idea what exploits you're talking about. If it's > the reliability fixes in 23.0.1, i vaguely looked at it and mostly saw > windows-fixes. >
I am not talking about getting the fixes as soon as mozilla knows about them. I was just wondering if I had wasted my time by rebuilding 24 so close to building your 23 beta as the "fixed in 24" erratas on. https://www.mozilla.org/security/known-vulnerabilities/firefox.html may have already been fixed in your 23 beta? In other words can I just run 23 beta a few days early as safely as 24 until 25 is released. From below I guess I could but would sometimes miss a security fix or two and it may be a pain to tell. Or maybe when 24 is released it becomes far easier to tell publicly and just rebuild when that happens? Anyway no big deal really, just wondering. > > insights on how they are handled (do they bottle them up under wraps > > and apply them all at once on release day or include them silently in > > nightlies). > > The security fixes are applied in central, then backported to aurora and > beta, and eventually to release if they're serious, in that case a > chemspill release is done including all pending fixes. > > > p.s. any tips on tracking webkit vulns and whether they are fixed in > > the port would be much appreciated too as xombrero is now my fav > > browser but I have been using the much slower firefox due to possible > > vulns (osvdb.org) in 2.04. > > You clearly have way too much paranoia. Use lynx ? > I will still use xombrero on some systems just contrasting and evaluating both for use by me for all tasks. I may even switch at times and I am not a chromium fan as it doesn't do basic things like clearing data on close or the whitelisting/noscript functions. > Landry > -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________
