This is important if you are an embedder, and use the mozilla gtk embedding widget.
Between Mozilla 1.8 and now, the Mozilla GTK embedding widget has had large changes outside the normal review process. Recently Kai Engert (the owner of PSM) has found a security hole in code. As we dug into this problem, it quickly became apparent that this code, if reviewed, would have been caught. I know it is easy to say this now, but seriously (bug number 406724) we were stubbing out an interface, and did a terrible job at doing it. As we continued looking at the code, there are large areas that need further reviewing. On IRC, we discussed the possibly of just backing out all of this code. The result of a backout would be that we would have a mozilla gtk embedding widget that has no additional functionality above 1.8. Post 1.9, we will carefully review the patches that we backed out. The alternative might be to suck it up and accept the changes as is, have the right people start reviewing this code as soon as possible, and ensure that something like this never ever happens again. The changes that are suspect (there are some good checkins in this): http://bonsai.mozilla.org/cvsquery.cgi?branch=HEAD&dir=mozilla%2Fembedding%2Fbrowser%2Fgtk&date=explicit&mindate=2006-07-01&maxdate=2007-04-01 I am interested in hearing feedback either way. Doug Turner _______________________________________________ dev-embedding mailing list [email protected] https://lists.mozilla.org/listinfo/dev-embedding
