-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael C wrote:
> Johannes Wiedersich wrote:
> 
>> I am not sure if I understand correctly: What are your objections
>> against debian's way of security fixes?
> 
> Let's take the example of Seamonkey/Iceape. Officially EOL'd as of May,
> the 1.0.x branch's security status is no longer being actively
> investigated by upstream developers, but assuming that Lenny takes as
> long to come to fruition as Etch, come Debian's next major release its
> developers -- with fewer resources than upstream, I should imagine --
> will have been searching out and patching vulnerabilities in an
> abandoned codebase for more than 20 months.
> 
> I've no doubt that the resulting code's more stable than upstream's,
> it's just that I'd rather place my trust in the upstream codebase (or
> Debian patches based thereon).
> 
> Not a very original objection, but a reasonable-sounding pretext for
> moving away from Stable ;)

[I'm not a security expert and I don't follow this in every detail, so
take my statements carefully and with a grain of salt. ]

I personally view it this way:
- - upstream replace each mozilla-* version with a new version. This means
that at the same time a security issue is fixed, a new one may arise due
to new features etc.
- - for each security issue discovered, debian carefully checks whether it
affects the version in stable. If so, the issue gets fixed and it is
rather unlikely that 'new' security holes are introduced this way.

I can't ultimately tell by hard facts, which approach is more secure,
but my experience with debian's approach has been good.

You could also run stable etch and install firefox et al. from mozilla's
website... I think that even includes an automatic update feature. (Have
never tried this myself, though.)

YMMV, HTH, best wishes!

Johannes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG/Kn8C1NzPRl9qEURAsPwAJ9EjE8jEQKPyk5m32DVLszV/pY0YgCeORqr
HELajNPo4KZdXug5xmPK/wk=
=aFuv
-----END PGP SIGNATURE-----

