houghi wrote:
Because Mozilla are saying 1.5.0.1 is unsafe and YOU won't download 1.5.0.2
because the fixes are backported into 1.5.0.1...
SUSE 10.0 has 1.0.8, not 1.5. So if you are using 1.5, then on 10.0 it
does not matter and on 10.1RCx (or better on 10.1 once it is released) YOU
will take care of the security patches as always.
This has always been the case. I fail to see the problem.
The problem we try to explain is, that SUSE backports security fixes
without increasing the version number of an application (they can't,
because they only backport security fixes and not all source code
changes in a newer upstream version). So if you update with YOU, your
system is safe. If you know about backporting etc. you say "I know that
my Firefox 1.5.0.1 is safe, because SUSE already did backport the
security fixes from upstream". But the average user will say "Oh my god,
I'm still using Firefox 1.5.0.1, but the guys from Mozilla say, 1.5.0.3
fixes severe security bugs! Why doesn't SUSE update to the newer version
then!?". The average user updates with YOU and *thinks* he is still
vulnerable, because the version number didn't increase.
My original question is answered, so thanks to all the people explaining
this procedure :)
Philipp
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
