Re: On Mozilla-* updates
On Sat, Jul 30, 2005 at 09:51:28AM +1000, Geoff Crompton <[EMAIL PROTECTED]> wrote: > > > > For these packages, help and/or advice is appreciated. > > > > Can we try to get a DD involved in the mozilla security team? Presumably > when they become aware of a security issue, there is some discussion > about the problem and how to fix it. Access at this level may make it > possible to identify in the code where the problems are. > Then that person could release more detailed information about the fix > after the embargo ends, which would benefit all other distributions in a > similar position. Only problem beeing that mozilla team access is a meritocracy... Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: On Mozilla-* updates
> > For these packages, help and/or advice is appreciated. > Can we try to get a DD involved in the mozilla security team? Presumably when they become aware of a security issue, there is some discussion about the problem and how to fix it. Access at this level may make it possible to identify in the code where the problems are. Then that person could release more detailed information about the fix after the embargo ends, which would benefit all other distributions in a similar position. Geoff Crompton -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Mozilla-* updates
Moin, it seems that less than two months after the release of sarge it is not possible to support Mozilla, Thunderbird, Firefox (and probably Galeon) packages anymore. (in terms of fixing security related problems) Unfortunately the Mozilla Foundation does not provide dedicated and clean patches for security updates but only releases new versions that fix tons of security related problems and other stuff that is or may be irrelevant for security updates. As a result, it is extremely difficult to get security patches extracted and backported. This is an utter disaster for security teams and distributions that try to support their releases. We have tried to prepare updated packages, but they may cause problems as has been the case for a Debian fork. Eventually they've given up and released the new upstream version as security update. *sigh* Using new upstream versions are bound to cause new problems. Maybe not at the moment with only going from 1.0.4 to 1.0.6 but more probably they will do later. Sooner or later they will change the behaviour of the program (so uses will be confused), change the API (so plugins, language files etc won't work anymore), alter the dependencies (so the packages will be slurp in new packages or cannot be built on stable at all). I guess in the long term we're on a lost track and it seems this situation has already started. For these packages, help and/or advice is appreciated. Regards, Joey -- It's time to close the windows. Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
[EMAIL PROTECTED] har semester.
I will be out of the office starting 2005-07-29 and will not return until 2005-08-22. Jag har semester från och med 2005-07-29 till och med 2002-08-22
Re: New gaim packages fix denial of service
Estoy de vacaciones hasta el 1 de Septiembre. Leeré tu correo cuando vuelva. Si deseas algo urgente, contacta con: Cuestiones relacionadas con Seguridad: * Área de Seguridad y Comunicaciones ([EMAIL PROTECTED]) Para cuestiones relacionadas con Docencia: * Marcelo Bagnulo ([EMAIL PROTECTED]) Saludos. Rafa. I will be on holiday until September 1st. I will read your message as soon as I come back. If you have an urgent question, please, contact with: Security related questions: * Security and Communications Area ([EMAIL PROTECTED]) Educational questions: * Marcelo Bagnulo ([EMAIL PROTECTED]) Thanks in advance. Rafa.
Re: mozilla-firefox 1.0.4-2 security holes (was Re: Security fixes for mozilla and firefox in Sarge?)
Debian bug #318061 sort-of covers some of the above issues, but the bts says it will be archived in 19 days, even though the bug is still open for the version in Stable. Is this normal? See [1]: Bug archival currently disabled, until distribution tags are supported as bug archival blockers. Bug #318061 is tagged etch and sarge, so it won't be archived until it's fixed in etch and sarge. [1] http://lists.debian.org/debian-devel-announce/2005/07/msg00010.html Willi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]