Paul Marwick wrote:
If you're concerned, you could do what I do - download the build information from the ABS and build it yourself. A bit of minor editing of the PKGBUILD is required, and the build takes a while (around and hour twenty minutes on my Core"Duo laptop), but that is it...
Sorry, but that's not the way how things should work. If a distribution offers a package, then it should also offer updates for it. Most users don't monitor all the packages, a distribution offers, for possible holes. They just trust their distributor to ship security updates on time.
As long as you have the SeaMonkey package one of your primary repositories, you also signal to users, that you plan to update this package. If you can't keep it updated, please drop it and, for example, tell your users to switch to Firefox and Thunderbird.
Bad reaction time on security holes was one of the top reasons, why I ported from Slackware to Archlinux and now it seems like Archlinux isn't much better there...
Yours Manuel