Using new upstream versions is bound to cause new problems. Maybe
not at the moment with only going from 1.0.4 to 1.0.6 but more
probably they will do later.
Sooner or later they will change the behaviour of the program (so users
will be confused), change the API (so plugins, language files etc.
won't work anymore), alter the dependencies (so the packages will
slurp in new packages or cannot be built on stable at all).
IMHO, sloppy security support (by uploading new upstream versions) is better
than no security support.
I'd say, 1.0.x (firefox, thunderbird) should go to security.debian.org (in
the hope that it doesn't cause other problems) because sarge users expect to
get fixed packages from there. Of course, that will need testing.
For 1.5.* (firefox, thunderbird), it should also be put on
security.debian.org when it first fixes any security-related issues, but
only as long as the only problems are untranslated strings. (We can make the
langpacks available from some separate location, if needed.)
For mozilla, the problems are hopefully smaller, because 1.7.* will probably
stay more or less as it is, and new upstream versions are security fixes
plus some small bug fixes. (I have to admit that I didn't verify that claim
by looking at the source code.)
For etch, mozilla packages should be supported by some separate location
(like volatile.debian.net), and people who install desktop systems should be
asked if they want to add that location to their sources.list.
Willi