Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167 deisenst@xxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|seamonkey < 1.0.5 multiple |seamonkey < 1.0.5 multiple |vulnerabilities |vulnerabilities; to replace | |Mozilla Component|mozilla |seamonkey CC| |michal@xxxxxxxxxxxx, | |jkeating@xxxxxxxxxx ------- Additional Comments From deisenst@xxxxxxx 2006-10-21 02:08 EST ------- Changing component to seamonkey, as this was added yesterday or so to the Bugzilla system. Thanks, Jesse! Kai, we're doing some work in Legacy to help open up access for folks to be able to build packages in an environment like Fedora Extras has -- even- tually down to even using the same build server infrastructure that Extras now uses. However, Legacy's current build team for quite a while has had its own independent build server, which we are still using. We are in the pro- cess of getting to know how CVS works and more about the details of buil- ding packages in a similar if not nearly identical way that Extras does it. I for one am a CVS newbie though. Legacy folks have been used to unpacking, repacking, and passing around .src.rpm's for Legacy's QA activities. Although we are in the process of migrating to a more extras-like environment in Legacy, I am not sure how technically far along the process we are in doing so. Jesse Keating is the man-in-the-know in that regard. I believe Jesse is trying to balance a desire to get everything moved to Fedora infrastructure with the fact that there are a number of people that need to get accustomed to what to us is a new way of doing things. Because some other packages in the Fedora Core depend on libraries provided by Mozilla, and because we are not sure of which and/or how many Mozilla &c vulnerabilties may lie within the libraries that Mozilla pro- vides to other packages in Core, I believe we ought to be more interested in creating replacement packages for Mozilla using seamonkey. At least 'yelp' and the 'epiphany' browser depend upon Mozilla libraries, but there may be other packages in Core that do too. You might be interested in knowing, Kai, that Michal Jaegermann, a Fedora Legacy contributor, has created a replacement seamonkey srpm package for FC4. His email to the fedora-legacy-list about it can be found here: <http://www.redhat.com/archives/fedora-legacy-list/2006-September/msg00019.html> Kai, do you have access to Fedora Legacy's cvs? An example command that I was given to access (checkout) a package from that cvs: cvs -d :ext:<user>@cvs.fedora.redhat.com:/cvs/legacy co <package> which should check out the Fedora Core 3 & 4 cvs stuff for <package>. If you have access, I would welcome your checking in seamonkey 1.0.5 sources and patches and a spec-file there. After you do that, we can tweak the spec-file to turn seamonkey into a replacement seamonkey version for our FC4 and FC3 users. Then I can build what we've come up with on Legacy's build server, sign it with the Legacy PGP key, push it to Legacy's updates-testing repository and ask our legacy folks to test it. I certainly will, especially if we can create a FC5 version of a (replacement) seamonkey while we're at doing these others for FC4 and FC3. If you don't have access to Legacy's cvs, you can get access by being added to the 'cvslegacy' group through the Fedora Accounts system, <http://fedoraproject.org/wiki/Infrastructure/AccountSystem>. Jesse Keating will be the one to approve your access there; I would think that should be no problem. Does this sound like a plan? Thoughts / Suggestions anyone? Thanks! -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
