On Tue, Jun 29, 2010 at 11:35:28AM -0400, Michael Gilbert wrote: > On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote: > > On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote: > > > Mozilla actively makes it hard to stay up to date > > > (by providing as little information as possible in their advisories); > > > webkit (for the most part except for Apple announcements) makes it > > > easy. This means security fixes are going to happen a lot faster since > > > there is a lot less downtime waiting for patches to by disclosed. > > > > Actually, that's not true. It's pretty easy to track the security > > related changes in mercurial now (that was indeed a problem when mozilla > > was still using CVS), and security bugs are as documented as Webkit's. > > The only difference, for now, is that we have access to the Webkit bugs > > while we (still) don't have access to the Mozilla ones. But that should > > happen some day. > > > > IOW, your point is void ;) > > OK, point taken (I don't have any perspective on mozilla's inner > workings, so I didn't know this). However, do you want to continue > suffering with the workload required to support the mozilla packages? > The core problem I see is that there are two very vulnerable codebases > currently planned to be supported, and manpower could be roughly halved > if the codebases were reduced to one.
The point in releasing squeeze with 3.5/1.9.1 is precisely to only have to support one codebase for all mozilla based software in debian... Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100629153957.ga12...@glandium.org