Quoting David Eisenstein <deisenst@xxxxxxx>:
There are some old Bugzilla's that had been open for RHL 7.3, RHL 9, FC 1, FC 2, and FC 3 for Mozilla. There has been a running discussion (and no action -- largely my fault -- sorry!) about how and whether we upgrade Mozilla to SeaMonkey so that SeaMonkey becomes a Mozilla replacement (Core) package rather than an Extras package on a Bugzilla ticket for SeaMonkey. The Bugzilla number is 209167: <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167>.
I personally think this would be a good thing. I'd vote for upgrading from mozilla to seamonkey, as long as we can get people to do the work...
The advantage of having SeaMonkey do this is that all other packages (such as yelp, epiphany, possibly others) will inherit the more secure code from SeaMonkey, since they tap into the shared-library (.so) files that SeaMonkey would be providing. My understanding then also would be that SeaMonkey is meant to be API compatible with Mozilla, so that other programs that depend on functions (or objects) in Mozilla's shared-library should continue to work okay, possibly without recompilation, but probably requiring recompilation and pushing to updates.
We'd need some real good testing for this upgrade of course. But I'm definately in favor of trying.
Does anyone have any comments on how you wish the Legacy Project to approach this? I favor SeaMonkey as a Mozilla replacement, as it covers all vulnerabilities in packages that dynamically link to the shared libraries. But perhaps there are other ideas.
I think that going to seamonkey is the logical thing to do for RHL and early FC releases. Not sure how later FC releases should be handled, since I don't use them. Note this is in-line with mozilla.org and redhat.com, and basically is the "industry standard" upgrade path. So I think we are fully justified in doing so.
Since Legacy Mozilla/Firefox/Thunderbird security bugs have been open since June (and not worked on), I also advocate that we in Legacy build SeaMonkey packages for *all* releases of Fedora Core that we have ever supported (since older releases were supported at that time) and RHL 7.3 and RHL 9. Does anyone object to that?
Sounds great. I can test them on RHL 7.3, RHl 9 and FC 3 64-bit. I'm willing to do any installation/functionality testing required on those versions. Those are the only versions I have access to for testing.
What say ye??
Sounds good to me.
Regards, David Eisenstein
-- Eric Rostetter The Department of Physics The University of Texas at Austin Go Longhorns! -- fedora-legacy-list mailing list fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
