Google
  Web www.spinics.net

Re: Need SeaMonkey opinions - [Fwd: [RHSA-2006:0734-01] Critical: seamonkey security update]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Quoting David Eisenstein <deisenst@xxxxxxx>:

There are some old Bugzilla's that had been open for RHL 7.3, RHL 9, FC 1,
FC 2, and FC 3 for Mozilla.  There has been a running discussion (and no
action -- largely my fault -- sorry!) about how and whether we upgrade
Mozilla to SeaMonkey so that SeaMonkey becomes a Mozilla replacement (Core)
package rather than an Extras package on a Bugzilla ticket for SeaMonkey.
The Bugzilla number is 209167:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167>.

I personally think this would be a good thing.  I'd vote for upgrading
from mozilla to seamonkey, as long as we can get people to do the work...

The advantage of having SeaMonkey do this is that all other packages (such
as yelp, epiphany, possibly others) will inherit the more secure code from
SeaMonkey, since they tap into the shared-library (.so) files that SeaMonkey
would be providing.  My understanding then also would be that SeaMonkey is
meant to be API compatible with Mozilla, so that other programs that depend
on functions (or objects) in Mozilla's shared-library should continue to
work okay, possibly without recompilation, but probably requiring
recompilation and pushing to updates.

We'd need some real good testing for this upgrade of course.  But I'm
definately in favor of trying.

Does anyone have any comments on how you wish the Legacy Project to approach
this?  I favor SeaMonkey as a Mozilla replacement, as it covers all
vulnerabilities in packages that dynamically link to the shared libraries.
But perhaps there are other ideas.

I think that going to seamonkey is the logical thing to do for RHL and
early FC releases.  Not sure how later FC releases should be handled,
since I don't use them.

Note this is in-line with mozilla.org and redhat.com, and basically is
the "industry standard" upgrade path.  So I think we are fully justified
in doing so.

Since Legacy Mozilla/Firefox/Thunderbird security bugs have been open since
June (and not worked on), I also advocate that we in Legacy build SeaMonkey
packages for *all* releases of Fedora Core that we have ever supported
(since older releases were supported at that time) and RHL 7.3 and RHL 9.
Does anyone object to that?

Sounds great.  I can test them on RHL 7.3, RHl 9 and FC 3 64-bit.
I'm willing to do any installation/functionality testing required on
those versions.  Those are the only versions I have access to for
testing.

What say ye??

Sounds good to me.

	Regards,
	David Eisenstein

--
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

--
fedora-legacy-list mailing list
fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Free Internet Dating]     [Yosemite Questions]

Powered by Linux