Andy Green wrote:
> Christopher Aillon wrote:
>> It is more risky to backport them instead of taking the new versions
>> wholesale. Several of the patches for the critical fixes involve a
>> re-architecture of the way the entire DOM/JS model is handled
>> internally. This means MASSIVE changes which took several architects
>> months to perfect, and it STILL caused 10-20 regressions.
>
> Shouldn't this cause a terrified reassessment of having Firefox in the
> distro at all, given its unique position running as the user (under
> whose credentials, typically, the entire value of the box resides),
> making connections to random addresses and running poorly understood
> local code according to what it finds there?

The kernel has more vulnerabilities[1] than this user-space application
does. Let's reconsider having that in the distro, too.
[1] http://www.redhat.com/magazine/017mar06/features/riskreport/
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list