Le jeudi, 30 mai 2013 15.29:22, Stefano Zacchiroli a écrit : > On Thu, May 30, 2013 at 03:20:29PM +0200, Didier 'OdyX' Raboud wrote: > > > Which web browsers would remain in stable if we applied this criterion > > > consistently? > > > > Although that makes me very sad, if we (collectively) give up packaging > > browser extensions (hence letting our users rely on third-party > > repositories to get access to [non-]free binaries) and frozen browsers > > in stable, then maybe the correct answer to your question is "none". > > And do you think that would be the best outcome for Debian users?
No, not unless we'd provide said browsers in a different suite (hence the bikeshed proposal). That would make the difference in applied security polices clearer, IMHO. > FWIW, I don't. I think the compromise that the security team is proposing is > much more reasonable than such an alternative. That compromise (which I do definitely support for wheezy) puzzles me most for the precedent it creates: if we "give up" [0] maintaining some of the most security-sensitive softwares up to our stable policy, why should other packages be bound to it? > Note that the presence of non-free extension in the 3rd party > repositories that come pre-configured with Debian-distributed browsers > (and incresingly more other software) is a different problem. The problem is equally worrying for both free and non-free extensions IMHO. Christoph worded it better than I could [1]. > And one we should tackle, IMHO, but that's for a separate discussion. I'm not sure it's that much of a separate discussion: as the original message mentionned, we'll get the ESR17 and then ESR24 version of Firefox/Iceweasel in Wheezy, including the new features related to extensions and 3rd party repositories, which are out of our control. I must admit though that I don't know precisely how this area evolves and I do trust the "Maintainers of Mozilla-related packages" to do it right. Cheers, OdyX [0] And that's _definitely_ not meant as fingerpointing anyone. [1] <1369924284.5345.7.ca...@fermat.scientia.net> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201305302029.16610.o...@debian.org
