Security updates

Mike Hommey mh at glandium.org
Sun Dec 31 10:18:29 UTC 2006


On Sat, Dec 30, 2006 at 09:08:16PM +0100, Alexander Sack <asac at debian.org> wrote:
> On Fri, Dec 29, 2006 at 05:38:58PM +0100, Mike Hommey wrote:
> > On Fri, Dec 29, 2006 at 11:56:02AM +0100, Luk Claes <luk at debian.org> wrote:
> > > A starting point would be packages of iceweasel and iceape that are ready to
> > > migrate to etch... I personally prefer having working iceweasel and iceape
> > > packages in etch soon...
> > > 
> > > It will probably depend on the 'minor' functional changes if we prefer the new
> > > upstream or not, but that's only important after having the packages in etch
> > > IMHO...
> > 
> > It's also important to have the packages in etch with the security
> > fixes. I have absolutely no idea how much of the upstream changes are
> > not security updates, maybe Alex could enlighten us on that, and if Alex
> > doesn't know, it will take time to know what are and what are not security
> > fixes.
> 
> I still don't get why you raise this issue. RMs have not yet complained
> about our upload procedures. We did the same for sarge ... aka
> uploading new upstreams as long as release was not yet out. So why
> don't we do the same and start dicussing if RMs complain?

etch is frozen and the current policy is supposed to be no new upstream
unless authorized. Or did I misunderstand the freeze ?

> anyway ... here the statistics: ... there are a total of 120 bugs
> fixed in 1.8.0.9 ... from which are about 80 bugs appear security or
> crasher bugs ... the other fourty are either related to those or look
> rather non-intrusive.
> 
> But please ... upload new upstream version. Starting security support
> before we actually release is just stupid and a waste of my time. If you
> want me to upload iceape or xulrunner, let me know.

Well, if RMs are not opposed to the idea, I will upload them in a few
days.

Mike



More information about the pkg-mozilla-maintainers mailing list