On 01/24/2013 12:38 AM, Rob wrote: > NoOp <gl...@sbcglobal.net.invalid> wrote: >> On 01/23/2013 01:23 PM, Connie wrote: >>> NoOp wrote: >>> >>>> I'd rethink taking that "advise" were I you: >>>> <https://www.mozilla.org/security/known-vulnerabilities/seamonkey.html> >>> >>> Not take which advice? Uninstalling the version already installed? >>> Installing over the top or not doing so? Or not installing 2.14.1? >> >> Installing 2.14.1 instead of the current 2.15.1. >> >> Notice that 2.15 fixes 12 /Critical/ security issues, and 6 /High/ >> security issues. > > Wait. Each and every new release combines security fixes with > functional changes and new bugs. It is like that, no matter if > you like it or not. It is not always good to install the latest > release, because they (lately) often come with critical problems > that affect the average user much much more than a security issue.
So you are advising every "average user" here to back down to 2.14.1? > > The security issue only hits you when you visit some infected site, > the new bugs often hit you all the time and right in the face. I recommend that you actually take the time to *read* the fixed security issues. And do you think you will have a heads up for every "infected site"? Or that all of the security fixes/vulnerabilities only involve the browser component? > > Watch for example what happened with IMAP mail in 2.13. We had to > rollback the entire Seamonkey deployment in our company because of > critical bugs in 2.13. Now we use 2.14.1 but I am again very > wary to upgrade without extensive testing and making sure there > are no stupid bugs like the font bug that was introduced into the > HTML editor (and forced us to disable font size changes in the > mail composition) Odd, I don't see that mentioned in your posts here. But see no improvement on the IMAP issues that I experience regardless of version. (I click on an IMAP account & get continuous download symptoms until I click away). Your election to wait to install 2.15.x across 400+ computers is, of course your choice. It may even be a good choice in your situation/environment, but in the interim your company is at risk to the CVE's listed. That said, I'd be pretty hesitant to tell someone an individual on this list to stay at a 2.14 release without (IMO) good reason. > > Security issues are important, but functional bugs are also (and > even more) important. Unfortunately, Mozilla does not separate > them like Microsoft does. With Microsoft Internet Explorer we > get functionally stable releases for which security bugs are solved > with updates with as little functional impact as possible. I see. Well I suppose... nah, never mind. > With Mozilla you basically get security issues fixed only in the > "current version", and whenever a security bug is fixed they entice > you to upgrade to a new version with functional changes and new > bugs, that are fixed only very slowly. This means that many users > just stay at (slightly) older versions. I reckon that with the 400 MSO (mail & browser) license fees that your company saves by using SeaMonkey, perhaps your company can contribute something to the SeaMonkey project? <https://donate.mozilla.org/page/contribute/seamonkey> <http://www.seamonkey-project.org/dev/> _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
