Even when there is no ABI/API change, packages that depend on Mozilla
generally depend on exact version numbers. I do not know on which
side the bug lies, but if you are saying that a new galeon package is
not necessary when a compatible mozilla shows up, my experience is
that this is very
Greetings,
Am Dienstag, 2. August 2005 10:57 schrieb Ben Bucksch:
Stefano Salvi wrote:
I prefer to have no X on the server and administer it from command
line or Web interfaces (command line is better).
Let's say
1. You use Mozilla from sarge
2. Somebody cracks you through known
Willi Mann wrote:
Even when there is no ABI/API change, packages that depend on Mozilla
generally depend on exact version numbers. I do not know on which
side the bug lies, but if you are saying that a new galeon package is
not necessary when a compatible mozilla shows up, my experience is
Greetings,
Am Dienstag, 2. August 2005 12:39 schrieb Jeff:
Joey,
Working from the following assumptions:
* it possible to include Mozilla in Debian stable,
* extracting security patches from upstream is not practical,
and ignoring the interesting, but extraneous threads,
What
David Ehle wrote:
...
What I don't want to
see is this discussion drag on eternally on
woe-is-me-they-wont-play-like-i-like-i-hate-change fashion,
It's too late for that... ;-)
--
Paul
http://paulgear.webhop.net
--
Did you know? Most email-borne viruses use a false sender address, so
you
Hi.
(excuse me in advance for my bad english or french barbarisms :) )
I was thinking about a policy for managing packages built around never
patched softwares like Moz/FireFox.
Volatile and Security repositories do not fit for that, everybody agrees
with that. So:
Sid version would try and
antgel wrote:
2) Mozilla security patches are not easy to find and isolate.
Ben has disputed this, saying that we should be able to extract all
necessary patches. Public ones from
http://www.mozilla.org/projects/security/known-vulnerabilities.html then
bugzilla, and embargoed ones via mdz.
On Wed, Aug 03, 2005 at 01:01:40PM +0100, antgel wrote:
You'll note that I _have_ volunteered, fwiw.
So stop discussing and start doing...
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Wed, Aug 03, 2005 at 02:51:04PM +0200, Ben Bucksch wrote:
antgel wrote:
2) Mozilla security patches are not easy to find and isolate.
Ben has disputed this, saying that we should be able to extract all
necessary patches. Public ones from
On Wed, Aug 03, 2005 at 01:01:40PM +0100, antgel wrote:
Matt Zimmerman wrote:
You're welcome to attempt to convince the Mozilla project to change
the way that they work for the benefit of distribution security teams. If I
recall correctly, others have unsuccessfully attempted this in the
What exactly breaks if the update to v1.06 is applied, as upstream
recommends?
I realise you are seeking a general solution. I believe that we need
case specific information. This will enable us to evaluate any proposed
general solutions, with the illumination of real facts.
Actually, I see
On Wed, Aug 03, 2005 at 06:51:59PM +0200, Ben Bucksch wrote:
Matt Zimmerman wrote:
Ben has now explained that this is in fact not sufficient.
No, I have not. Please read again what I wrote.
There is clearly a communication gap.
And it's not on my end. You still haven't answered my
Matt Zimmerman wrote:
Ben has now explained that this is in fact not sufficient.
No, I have not. Please read again what I wrote.
There is clearly a communication gap.
And it's not on my end. You still haven't answered my very specific
questions about your problems and what you want.
Adeodato Simó [EMAIL PROTECTED] writes:
* Thomas Bushnell BSG [Tue, 02 Aug 2005 16:07:08 -0700]:
It would be very nice if Mozilla would publish to distributions like
ours a description of the security problem, and then a separate patch
for that specific problem.
Publish to distributions
Mathieu JANIN [EMAIL PROTECTED] writes:
I was thinking about a policy for managing packages built around never
patched softwares like Moz/FireFox.
Volatile and Security repositories do not fit for that, everybody agrees
with that.
What is wrong with volatile? It's for exactly this case.
On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote:
What is wrong with volatile? It's for exactly this case.
No it is not. volatile-sloppy [1] may be (if that's implemented).
[1] http://lists.debian.org/debian-devel-announce/2005/05/msg00016.html
pgpQYcm3oGbIO.pgp
Description: PGP
Frans Pop [EMAIL PROTECTED] writes:
On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote:
What is wrong with volatile? It's for exactly this case.
No it is not. volatile-sloppy [1] may be (if that's implemented).
[1]
On Thursday 04 August 2005 00:39, Thomas Bushnell BSG wrote:
Frans Pop [EMAIL PROTECTED] writes:
On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote:
What is wrong with volatile? It's for exactly this case.
No it is not. volatile-sloppy [1] may be (if that's implemented).
I
Frans Pop [EMAIL PROTECTED] writes:
On Thursday 04 August 2005 00:39, Thomas Bushnell BSG wrote:
Frans Pop [EMAIL PROTECTED] writes:
On Thursday 04 August 2005 00:25, Thomas Bushnell BSG wrote:
What is wrong with volatile? It's for exactly this case.
No it is not. volatile-sloppy [1]
On Wed, Aug 03, 2005 at 03:25:37PM -0700, Thomas Bushnell BSG wrote:
What is wrong with volatile? It's for exactly this case.
No, it's not.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
20 matches
Mail list logo