On 2015-07-08 1:34 PM, Miles Fidelman wrote:
On 8/07/2015 1:54 PM, »Q« wrote:
Since the last SeaMonkey release, there have been over 40 MFSAs, many
of them critical. IMO (and it's only that) if SM decided out of policy
*not* to issue security updates in a timely manner, that would mark
the death of the project.
Then again, there's a good argument to be made that:
- rapid development and release cycles open as many new security holes
as they close
I don't know where you're getting that info, but I haven't seen any
evidence to suggest that. When I go through the advisories at
<https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/>,
the CVE links often say "in Mozilla Firefox before 39.0", suggesting
that all prior versions are vulnerable.
In addition, those are vulnerabilities that have been publicized,
whereas the ones you assume are being created are not going to be public
until they are fixed. Whenever there one is critical or public, an
emergency update is created, taking priority of the release schedule.
Given all of the above, I don't think the rapid release schedule has
much affect on how many security vulnerabilities are introduced. The
fact that Firefox publicizes them certainly affects SeaMonkey users.
--
Chris Ilias <http://ilias.ca>
Newsgroup moderator
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey
