Hi folks,
Pardon my top-posting. We may have some options here for the relatively-
newly-discovered Mozilla/Firefox/Thunderbird/Seamonkey vulnerabilities, and
I'd like to get a feel for what you all would like to do?
(I believe) Red Hat is backporting patches for the Mozilla-1.7.13 / Firefox-
1.0.8 packages that we just (belatedly) released yesterday... (and perhaps
for Thunderbird too?) But then after these patches, my under- standing then
is that that's the end-of-the-line for RHEL-supported Mozilla-1.7.13/
{Firefox,Thunderbird}-1.0.8 packages. And there is no way that we have the
kind of expertise to extend support beyond what RHEL can do on these
products....
Shall we just migrate now to Seamonkey-1.0.2 and {Firefox,Thunderbird}-
1.5.0.4 (that fix all the published critical and non-critical vulner-
abilities) and be done with it? Or wait and see what updated Mozilla/
Firefox/Thunderbird comes out of the efforts being lead by Christopher
Aillon of Red Hat (see below)?
Thanks for your input.
Warm regards,
David Eisenstein
>> On 6/9/2006 10:33 CDT, David Eisenstein wrote:
>> > I heard a rumor the other day that Red Hat Enterprise Linux may be planning
>> > to replace Mozilla with Seamonkey in their currently-maintained distros. Am
>> > wondering if there is any truth to this rumor? Also wondering if there is
>> > anything we in Fedora Legacy can do to help in this process of dealing with
>> > these critical Mozilla/Firefox/Seamonkey bugs?
> On 6/9/2006 12:08 CDT, Josh Bressers <bressers@xxxxxxxxxx> wrote:
>> This is true. We're going with seamonkey in RHEL. I think this current
>> round of issues is proof as to why this has to happen. Backporting to the
>> firefox 1.0 branch is nearly impossible given the drastic changes between
>> versions.
>>
>> Right now we're furiously working on backporting patches for the most
>> critical issues. If you want to help mail Chris Aillon (caillon@redhat)
>> with your request. He's currently heading up a small group of various
>> distributors trying to get all this work done.
On 6/9/2006 12:44 CDT, Stephen John Smoogen wrote:
> I would say that it is not worth the effort to do that much
> backporting. I am having to deal with sites that just want to block
> old Firefox browser strings anyway at their firewalls. So my day job
> is basically going to be get 1.5.0.4{5,6,7} onto RHL-7.3 -> RHEL-4
> anyway.
>
> My {I am not much of a coder, but have to deal with the mess left over
> by them} possition would be that getting a modularized javascript
> interpreter written, debugged, security minded than trying to back-fix
> things might be a better idea.
--
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
