On Mon, Dec 05, 2005 at 06:15:16PM +0000, Andrew Benton wrote: > Randy McMurchy wrote: > >No, as the ones Mozilla uses may be old, > > If Mozilla are using old versions of these libraries perhaps they have > a reason?
Yeah, and a very common reason is that zlib is not their code so it doesn't get nearly the attention the moz code does. > >or have vulnerabilities. > > Surely the people who are in a position to judge are the Mozilla > developers? History argues against you, Andy. When zlib security vulnerabilites were discovered, if often took several months for embedded zlib code to be updated requiring people to write scripts to sniff out vulnerable software [1]. Not a good situation to be in. If zlib is found vulnerable now, we just rebuild it and restart any programs that link to it. [1] http://cert.uni-stuttgart.de/files/fw/find-zlib -- Archaic Want control, education, and security from your operating system? Hardened Linux From Scratch http://www.linuxfromscratch.org/hlfs -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
