On Tue, 29 Jun 2010 09:37:46 +0200, Mike Hommey wrote: > On Tue, Jun 29, 2010 at 02:57:32AM -0400, Michael Gilbert wrote: > > Mozilla actively makes it hard to stay up to date > > (by providing as little information as possible in their advisories); > > webkit (for the most part except for Apple announcements) makes it > > easy. This means security fixes are going to happen a lot faster since > > there is a lot less downtime waiting for patches to by disclosed. > > Actually, that's not true. It's pretty easy to track the security > related changes in mercurial now (that was indeed a problem when mozilla > was still using CVS), and security bugs are as documented as Webkit's. > The only difference, for now, is that we have access to the Webkit bugs > while we (still) don't have access to the Mozilla ones. But that should > happen some day. > > IOW, your point is void ;)
OK, point taken (I don't have any perspective on mozilla's inner workings, so I didn't know this). However, do you want to continue suffering with the workload required to support the mozilla packages? The core problem I see is that there are two very vulnerable codebases currently planned to be supported, and manpower could be roughly halved if the codebases were reduced to one. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100629113528.d113c16d.michael.s.gilb...@gmail.com
