[Gnome22-user] Re: Mozilla security for 1.4 branch
Daniel Veditz
dveditz@cruzio.com
Mon, 27 Sep 2004 13:37:25 -0700
The official policy is to support old stable branches for about a year,
until we move to the next stable branch. I know of no plans to ship an
official updated 1.4.x release.
This policy is at odds with the needs of large organizations who cannot
immediately upgrade to a new release, but I don't know that the Mozilla
Foundation has the resources to do anything differently. CC'ing Brendan Eich
in case he wants to comment.
Chris Aillon of RedHat has been singlehandedly supporting the 1.4 branch. It
looks like all the of 1.7.3 security fixes have been back-ported and checked
in, plus a few other fixes, but we don't have a specific version tag.
-Dan Veditz
James Strandboge wrote:
> I am the maintainer of the popular gnome2.2 backport for Debian 3.0
> (http://gnome22.alioth.debian.org/). Included in this backport is
> mozilla 1.4.3. Recently mozilla.org issued a security update and
> released 1.7.3, and the known vulnerabilities page listed the fixed
> bugs.
>
> In the past 1.4 was also updated, however, the new reports on
> http://www.mozilla.org/projects/security/known-vulnerabilities.html
> do not list 1.4.3 as affected (there is no mention of the 1.4 branch at
> all). My question is-- is mozilla 1.4 still supported by mozilla.org
> and if so does 1.4.3 contain all known security patches?
>
> Thank you for your time and clarification on this matter. Please CC
> gnome22-user@lists.alioth.debian.org.
>
> Jamie Strandboge
>