Latest firefox vulnerability

Moritz Muehlenhoff jmm at inutil.org
Thu Jun 8 14:00:57 UTC 2006


Michael Stone wrote:
> On Thu, Jun 08, 2006 at 02:53:07PM +0100, Steve Kemp wrote:
> >On Thu, Jun 08, 2006 at 09:50:15AM -0400, Michael Stone wrote:
> >>If we can't get backports in a reasonable timeframe, I think we 
> >>have to consider backporting a supported version before we let the sarge 
> >>packages get into the state the woody packages reached.
> >
> > Wouldn't this be an ideal use for the Volatile repository?
> 
> No. We can't just distribute a version with security problems and tell 
> people to use some other archive if they need security. If we dropped 
> mozilla from the main archive and *only* distributed it from volatile, 
> then it would be ok. But we've given our users an expectation that if 
> they install main & get security updates form security.d.o, they'll be 
> taken care of. We can't just stop doing that. (Although we did it for 
> woody, I'd like to think that's an anomoly rather than our new policy.)

I agree it's not an option for Sarge, can we could very well do it
for Etch.

Cheers,
        Moritz



More information about the pkg-mozilla-maintainers mailing list