Last upload for mozilla-based products

Alexander Sack asac at debian.org
Fri Mar 16 13:07:49 CET 2007 

On Fri, Mar 16, 2007 at 02:44:37AM -0700, Steve Langasek wrote:
> 
> I guess iceape and xulrunner both have security bugs in testing that should
> be considered RC?  I'll go ahead and unblock iceape on that basis; I'll
> leave xulrunner for Marc to comment on further, since he knows the status
> better than I do.
> 
> > > The provided interdiff looks reasonable to me, so I don't object to its
> > > inclusion if you believe that's the correct course of action.  Is there a
> > > description available for the original issue that the redhat patch was
> > > intended to solve?  (That would help, among other things, with forming an
> > > educated opinion on whether it should be added to icedove.)
> 
> > There are 2 things that are done by the patch. The first is to properly
> > handle external helper applications with arguments, as provided by gnomevfs,
> > which in turn uses the information from shared-mime-info.
> > I don't have an example of such an helper in mind, but the example given in
> > upstream bug is if someone sets "gedit --new-window" to be the handler for
> > text/plain files.
> > The second is that /etc/mailcap was taking precedence on "gnome" mime
> > information.
> 
> > The bug the interdiff corrects is that now the gnomevfs code takes
> > precedence on /etc/mailcap, there is no extensions information available,
> > because the gnomevfs code doesn't return them anymore
> > (gnome_vfs_mime_get_extensions_list always returns NULL). The side effect
> > of this is that it breaks the way the external helper applications are being
> > set in mozilla applications.
> > So the interdiff works around this by taking the extensions info from
> > mime.types files (but still uses the extensions given by gnomevfs if there
> > are, which may happen with very old versions of gnomevfs).
> 
> Ok, if you think this is an important thing to have fixed for icedove, I can
> accept that.  (Hmm, icedove also out of sync between testing and unstable,
> and I have no idea about that one at all...)
> 

New upstream version is available is a always RC for any ice
application ... I thought the release team already knows that. There
is *always* a whole haystack of security issues fixed with each new
upstream release (without any exception).

Further (e.g. for icedove), ice-applications being out of sync in the
archive is a *super RC* bug in itself.  So please take care that you
don't approve one application while you don't push another
... especially short before release.

Maybe these two facts can be added to the release team best practices
bible or something?

 - Alexander
-- 
 GPG messages preferred.    |  .''`.  ** Debian GNU/Linux **
 Alexander Sack             | : :' :      The  universal
 asac at debian.org            | `. `'      Operating System
 http://www.asoftsite.org/  |   `-    http://www.debian.org/

More information about the pkg-mozilla-maintainers mailing list