The patch and bug to back out everything to pre-microb landing is here:
https://bugzilla.mozilla.org/show_bug.cgi?id=408238 Doug On Dec 12, 2007, at 1:28 PM, Doug Turner wrote: > This is important if you are an embedder, and use the mozilla gtk > embedding widget. > > > Between Mozilla 1.8 and now, the Mozilla GTK embedding widget has had > large changes outside the normal review process. Recently Kai Engert > (the owner of PSM) has found a security hole in code. As we dug into > this problem, it quickly became apparent that this code, if reviewed, > would have been caught. I know it is easy to say this now, but > seriously (bug number 406724) we were stubbing out an interface, and > did a terrible job at doing it. As we continued looking at the code, > there are large areas that need further reviewing. > > On IRC, we discussed the possibly of just backing out all of this > code. The result of a backout would be that we would have a mozilla > gtk embedding widget that has no additional functionality above 1.8. > Post 1.9, we will carefully review the patches that we backed out. > > The alternative might be to suck it up and accept the changes as is, > have the right people start reviewing this code as soon as possible, > and ensure that something like this never ever happens again. > > The changes that are suspect (there are some good checkins in this): > > http://bonsai.mozilla.org/cvsquery.cgi?branch=HEAD&dir=mozilla%2Fembedding%2Fbrowser%2Fgtk&date=explicit&mindate=2006-07-01&maxdate=2007-04-01 > > I am interested in hearing feedback either way. > > > Doug Turner > > _______________________________________________ > dev-embedding mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-embedding _______________________________________________ dev-embedding mailing list [email protected] https://lists.mozilla.org/listinfo/dev-embedding
