Thomas Bushnell BSG wrote: > Alexander Sack <[EMAIL PROTECTED]> writes: > > >>Matt Zimmerman wrote: >> >>>I'm guessing that you're not going to volunteer on the manpower side, and I >>>don't think that it would be a good way to spend resources even if we had >>>them. You're welcome to attempt to convince the Mozilla project to change >>>the way that they work for the benefit of distribution security teams. >> >>How should mozilla change the way they work? > > > It would be very nice if Mozilla would publish to distributions like > ours a description of the security problem, and then a separate patch > for that specific problem. > > Yes, but let's not discuss what would be nice, but what would be sufficient in order to allow fixes for ffox/tbird and friends to go in.
Would it be sufficient to have a distinct patchset for each mfsa prepared? Or do we need more? Do we need more detailed or other descriptions of the problems than published by mozilla [1]? [1] - http://www.mozilla.org/projects/security/known-vulnerabilities.html -- GPG messages preferred. | .''`. ** Debian GNU/Linux ** Alexander Sack | : :' : The universal [EMAIL PROTECTED] | `. `' Operating System http://www.asoftsite.org | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
