Latest firefox vulnerability
Michael Stone
mstone at debian.org
Thu Jun 8 13:57:22 UTC 2006
On Thu, Jun 08, 2006 at 02:53:07PM +0100, Steve Kemp wrote:
>On Thu, Jun 08, 2006 at 09:50:15AM -0400, Michael Stone wrote:
>> If we can't get backports in a reasonable timeframe, I think we
>> have to consider backporting a supported version before we let the sarge
>> packages get into the state the woody packages reached.
>
> Wouldn't this be an ideal use for the Volatile repository?
No. We can't just distribute a version with security problems and tell
people to use some other archive if they need security. If we dropped
mozilla from the main archive and *only* distributed it from volatile,
then it would be ok. But we've given our users an expectation that if
they install main & get security updates form security.d.o, they'll be
taken care of. We can't just stop doing that. (Although we did it for
woody, I'd like to think that's an anomoly rather than our new policy.)
Mike Stone
More information about the pkg-mozilla-maintainers
mailing list