On 08/04/2005 11:20 AM, Kevin B. McCarty wrote: > I backported the newest versions of mozilla, firefox, thunderbird and > enigmail to Sarge. (Sorry, no galeon or epiphany since I don't use > them.) Anyone who wants them and is willing to trust me (shouldn't be > too scary since I'm in the NM queue :-) can get the packages here: > > deb http://borex.princeton.edu/~kmccarty/ sarge main > deb-src http://borex.princeton.edu/~kmccarty/ sarge main >
To all: Having read your replies and having followed the very indecisive threads on debian-security, I went ahead and installed the backported thunderbird/enigmail from Alexander Sack and firefox from Kevin McCarty. The installs were flawless, and so far, so good. :) Thanks to both Alex and Kevin for taking positive action on this for us users! As a debian user, I'm not happy about how our community is resolving this security problem with mozilla-* packages. The security bug for thunderbird (318728) is Severity: grave, Tags: sarge, security; but for firefox (318061) it's resolved, Done, Will be archived: in 20 days. Anyone checking the BTS page for mozilla-firefox could easily miss the Grave security bug that in fact exists in sarge. There still has been no DSA (Debian Security Advisory). How are users to be notified of these security issues if not from a DSA? How will debian's reputation for excellence be maintained with this lax security effort? We can do better. Thank you, Ralph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
