Re: Mozilla products in Debian (was: A question for the list:)



On Friday 05 November 2010 08:13:41 Camaleón wrote:
> On Fri, 05 Nov 2010 07:54:29 -0500, Boyd Stephen Smith Jr. wrote:
>> In <pan.2010.11.05.08.38.21@xxxxxxxxx>, Camaleón wrote:
>>> On Fri, 05 Nov 2010 00:30:11 -0500, Boyd Stephen Smith Jr. wrote:
>>>> There is a third choice, I guess: Ship firefox / thunderbird in
>>>> non-free. Support for non-free is best-effort, which basically means
>>>> that if upstream is willing to fix it then the security team /
>>>> maintainers will package it. This basically results in Debian
>>>> stable's non-free containing software with known security
>>>> vulnerabilities that Mozilla is unwilling to fix.
>>>
>>> How about "volatile"? :-?
>>>
>>> ClamAV packages are there for that precise reason (they need to be
>>> updated -security fixes- very often).
>>
>> Firstly, only packages that are already in the official repository are
>> included in volatile.
>
> Icedove and Iceweasel are.

Yes, but the original request was for Firefox and Thunderbird.

>> Second, volatile is for packages that need
>> frequent, non-security updates to maintain functionality (at least in
>> the eyes of some users). (Updating the virus signature database is not
>> considered a security update.)
>
> AFAIK, ClamAV packages are fully upgraded (not only for fetching new
> signatures but the whole program).

In any case, they are not "security upgrades" in the Debian sense. They do
not fix vulnerabilities in the ClamAV package.

FWIW, even ClamAV in volatile avoids new upstream versions unless old versions
are unable to function.

>> Thirdly, the policy of no new upstream
>> versions after release isn't changed for volatile. (It is changed for
>> volatile-sloppy.)
>
> And that is what people want to be improved :-)

No. That's NOT what those who know and love Debian stable want. The lack of
upstream changes is one of the main reasons I use stable on servers.

>> Finally, updating the Debian package *more often* is
>> the opposite of coming into trademark compliance.
>
> You know what other "non-rolling" distros do in this case: stock
> versions of the programs remain unchanged and maintained for the time the
> distribution is supported but in parallel there are satellite repositories/
> forges.

1. Backports contains new upstream versions compiled in a released Debian
environment. When Squeeze is released we should have an official backports
service.

2. No one is preventing anyone from creating such repositories. Debian is a
volunteer project. Existing DDs seem to like the status quo at least to some
degree (existing policy can be changed if there is sufficient support for a
change). New volunteers can work on whatever they like and the process of
becoming a DD is well-documented and always open.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@xxxxxxxxxxxxxxxxx ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
