On 6/24/11, Justin Wood (Callek) <cal...@gmail.com> wrote: > Lee wrote: >> On 6/23/11, Justin Wood (Callek)<cal...@gmail.com> wrote: >>> I just wanted to make you all aware of a user-facing change I am being >>> forced to make for SeaMonkey 2.2 >>> >>> The idea is I'd either not make it, or risk keeping users exposed to >>> security risks far longer than should be the case. >>> >>> Bug 666518 (PLEASE respond only here unless you are helping to FIX the >>> bug, advocacy will be fine in newsgroups/e-mail but not bug, thank you) >>> >>> I will be removing the Windows Installers' ability to selectively >>> install extensions. >>> >>> The codepaths that make the packaging of the installer able to support >>> this feature are very complex, and apparantly quite easy to break. While >>> removing the ability entirely (user facing anyway) is as simple as >>> dropping one variable in a makefile we control. >>> >>> I do have ideas on how I can restore the basic functionality offered by >>> this installer feature, but it won't be until 2.5 at the earliest I can >>> get that working, and I have no guarantees as I have not looked deeply >>> into it yet. But I feel that my efforts to support a very complex system >>> here which HAVE to coexist with the Firefox systems and are only growing >>> in complexity as of late, are better spent supporting other aspects of >>> SeaMonkey and doing bug fixing/stability/releng on a wider scale. >>> >>> After reading that bug, if you have any >>> comments/complaints/show-of-support or suggestions, please feel free to >>> state them here. >> >> show-of-support: thank you for continuing to work on SeaMonkey > > You're welcome > >> After looking at the bug report I'm no closer to understanding what >> the security risks are, but if all it means is I have to do another >> step or three to uninstall extensions that I don't want vs. some >> security issue.. I think you made the right decision. > > To be clear, this was not a security issue. > > The reason security was even mentioned, was that me attempting to fix > this complex bug would have meant a delay in 2.2 (and likely future > versions as well) which also means a delay in getting security fixes out > to our users.
OK - thanks for the explanation; that makes more sense. & I still think you made the right decision :) I really like SM & would hate to see development on it stop Best regards, Lee _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey