Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-05 Thread Michael Stone
On Thu, Feb 05, 2015 at 09:38:11AM +0100, Paul van der Vlis wrote: Op 05-02-15 om 00:54 schreef Holger Levsen: and then finally, sometime later in 2014, security support for oldstable was finally introduced for the first time. There was always a year security support for oldstable (sometimes w

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-05 Thread Holger Levsen
Hi, On Donnerstag, 5. Februar 2015, Paul van der Vlis wrote: > There was always a year security support for oldstable. you are right with that. cheers, Holger signature.asc Description: This is a digitally signed message part.

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-05 Thread Paul van der Vlis
Op 05-02-15 om 00:54 schreef Holger Levsen: > and then finally, sometime later in 2014, security support for oldstable was > finally introduced for the first time. There was always a year security support for oldstable (sometimes with some remarks in te release notes for Mozilla products). With

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-05 Thread Paul van der Vlis
Hi Michael, Op 05-02-15 om 02:23 schreef Michael Gilbert: > On Wed, Feb 4, 2015 at 3:38 PM, Paul van der Vlis wrote: >>> The backports team expects backporters to have demonstrated competence >>> with the packages that they're planning to upload. Anyone considering >>> this should first get invol

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Michael Gilbert
On Wed, Feb 4, 2015 at 3:38 PM, Paul van der Vlis wrote: >> The backports team expects backporters to have demonstrated competence >> with the packages that they're planning to upload. Anyone considering >> this should first get involved with the package maintenance teams >> first and help with a

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Holger Levsen
Hi, On Donnerstag, 5. Februar 2015, Paul van der Vlis wrote: > Iceweasel support for oldstable stopped at 24 Mar 2009: > Icedove support for oldstable stopped at 12 Jul 2009: > Icedove security support for oldstable stopped at 09 Mar 2011: > The security support of Iceweasel for oldstable stopped

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Paul van der Vlis
Hi Mike, Thanks for your good work for Debian! Op 04-02-15 om 23:48 schreef Mike Hommey: >> In the past, Iceweasel and Icedove never had a year security support >> after a new release. > > I'm curious to know where that's coming from. Iceweasel and Icedove have > always received security support

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Mike Hommey
On Wed, Feb 04, 2015 at 09:38:17PM +0100, Paul van der Vlis wrote: > Op 04-02-15 om 15:40 schreef Michael Gilbert: > > On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote: > >> I think it's a good idea to do a backport of the build-system after > >> freeze-time of testing. Then we know what th

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Paul van der Vlis
Op 04-02-15 om 15:40 schreef Michael Gilbert: > On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote: >> I think it's a good idea to do a backport of the build-system after >> freeze-time of testing. Then we know what the new build-environment is >> for the coming release. >> >> I can understan

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Florian Weimer
* Russell Coker: > On Sun, 1 Feb 2015 11:18:43 PM Paul Wise wrote: >> chromium was already being backported to wheezy for security updates, >> the latest versions need newer compilers so we can't backport any >> more. > > Why can't we backport the compilers too? You'd have to replace the system l

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-04 Thread Michael Gilbert
On Mon, Feb 2, 2015 at 11:46 AM, Paul van der Vlis wrote: > I think it's a good idea to do a backport of the build-system after > freeze-time of testing. Then we know what the new build-environment is > for the coming release. > > I can understand that Michael does not have the time and motivation

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-03 Thread Jan Wagner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Am 02.02.15 um 19:27 schrieb Moritz Mühlenhoff: > Paul Wise schrieb: >>> So, what are the alternatives in our case? >> >> Upgrade to jessie or switch to another web browser. > > Or use the the (non-free) Chrome DEBs provided by Google. In fact Ch

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-02 Thread Pavlos K. Ponos
Thank you very much Paul for the reply. Kind regards, Pavlos *Pavlos K. Ponos* View Pavlos K. Ponos's profile on LinkedIn On 02/02/2015 09:45 PM, Paul van der Vlis wrote: Op 02-02-15 om 20:13 schreef Pavlos K. Ponos: Hello list! Thank you

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-02 Thread Paul van der Vlis
Op 02-02-15 om 20:13 schreef Pavlos K. Ponos: > Hello list! > > Thank you very much for the detailed feedback :) > One last question with regards to the following quote, till the next > stable release would we have security issues with Iceweasel and Icedove > too?(!) I don't know, I expect it wil

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-02 Thread Pavlos K. Ponos
Hello list! Thank you very much for the detailed feedback :) One last question with regards to the following quote, till the next stable release would we have security issues with Iceweasel and Icedove too?(!) Regards, Pavlos On 02/02/2015

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-02 Thread Sebastian Rose
> Or use the the (non-free) Chrome DEBs provided by Google. Did they stop to put their servers into /etc/apt/sources.list before installing and, even worse, after de-installing? They did the last time I (un-)installed Chrome. - Sebastian -- Ich setzte einen Fuß in die Luft, und sie trug.

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-02 Thread Moritz Mühlenhoff
Paul Wise schrieb: >> So, what are the alternatives in our case? > > Upgrade to jessie or switch to another web browser. Or use the the (non-free) Chrome DEBs provided by Google. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "uns

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-02 Thread Paul van der Vlis
Op 02-02-15 om 04:44 schreef Michael Gilbert: > On Sun, Feb 1, 2015 at 9:52 PM, Russell Coker wrote: >> On Sun, 1 Feb 2015 11:18:43 PM Paul Wise wrote: >>> chromium was already being backported to wheezy for security updates, >>> the latest versions need newer compilers so we can't backport any >>>

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-01 Thread Michael Gilbert
On Sun, Feb 1, 2015 at 9:52 PM, Russell Coker wrote: > On Sun, 1 Feb 2015 11:18:43 PM Paul Wise wrote: >> chromium was already being backported to wheezy for security updates, >> the latest versions need newer compilers so we can't backport any >> more. > > Why can't we backport the compilers too?

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-01 Thread Paul Wise
On Mon, Feb 2, 2015 at 10:52 AM, Russell Coker wrote: > Why can't we backport the compilers too? I think you meant to send this question to t...@security.debian.org and debian-rele...@lists.debian.org. -- bye, pabs https://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-security

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-01 Thread Russell Coker
On Sun, 1 Feb 2015 11:18:43 PM Paul Wise wrote: > chromium was already being backported to wheezy for security updates, > the latest versions need newer compilers so we can't backport any > more. Why can't we backport the compilers too? -- To UNSUBSCRIBE, email to debian-security-requ...@lists.

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-01 Thread Paul Wise
On Mon, Feb 2, 2015 at 3:14 AM, Pavlos K. Ponos wrote: > Since the latest gcc version for Wheezy is the 4.7 and Chromium "moves" to > 4.8, what shall we do? Follow the advice in DSA-3148-1: upgrade to jessie or switch to the iceweasel web browser. > Till the next stable release (Jessie), are we

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-02-01 Thread Pavlos K. Ponos
Hello, Since the latest gcc version for Wheezy is the 4.7 and Chromium "moves" to 4.8, what shall we do? Till the next stable release (Jessie), are we vulnerable to security issues? As mentioned before, we can build environments to support all the upstream features but this goes against the "s

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-01-31 Thread Michael Gilbert
On Sun, Feb 1, 2015 at 12:15 AM, Chris Frey wrote: > Can someone please point me to the upstream announcement for > dropping gcc 4.7 support? I can't seem to find it, and I'd like > to read up on the details why. The answer is in the previous mail I sent. The short answer is C++11. Best wishes,

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-01-31 Thread Chris Frey
Hi, Can someone please point me to the upstream announcement for dropping gcc 4.7 support? I can't seem to find it, and I'd like to read up on the details why. Thanks, - Chris On Sat, Jan 31, 2015 at 05:13:26PM -0500, Michael Gilbert wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-01-31 Thread Michael Gilbert
On Sat, Jan 31, 2015 at 5:44 PM, Darius Jahandarie wrote: >> Security support for the chromium web browser is now discontinued >> for the stable distribution (wheezy). Chromium upstream stopped >> supporting wheezy's build environment (gcc 4.7, make, etc.), so >> there is no longer any practical w

Re: [SECURITY] [DSA 3148-1] chromium-browser end of life

2015-01-31 Thread Darius Jahandarie
On Sat, Jan 31, 2015 at 5:13 PM, Michael Gilbert wrote: > - - > Debian Security Advisory DSA-3148-1 secur...@debian.org > http://www.debian.org/security/ Michael Gilbert > January 31