On 27.03.20 21:15, Jan Beich wrote:
Good luck:
- 2.53.1 is still vulnerable
- Upstream has unstable release cadence
- ESR60 engine may not build with new dependencies
- Expecting someone else to do the work
What, I wonder, made you think, I am expecting someone else to do the
work? My question was quite agnostic of /who/ would do it, just /whether
/it can/should be done...
If the fresh (February) release is still vulnerable, then, perhaps, it
should stay buried... Can you give example of a still-open CVE? I'm
staring at the list here
<https://www.cvedetails.com/vulnerability-list.php?vendor_id=452&product_id=7048>,
but can't see, what's still open...
I'm only opposed on using Mk/bsd.gecko.mk and having gecko@ as the maintainer.
I understand the latter, but not the former. As long as gecko@ are not
responsible for it, what's wrong with still using bsd.gecko.mk?
That said, if we're sticking to firefox and thunderbird /only/, maybe
the two can be modified to share more components -- libxul.so in
particular, but also others?.. At least then, running both on the same
machine will still share the shared libraries saving RAM...
Thanks! Yours,
-mi
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-gecko
To unsubscribe, send any mail to "[email protected]"
