[Bug 209167] seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla

bugzilla at redhat.com bugzilla at redhat.com
Sat Oct 21 06:09:09 UTC 2006


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167


deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|seamonkey < 1.0.5 multiple  |seamonkey < 1.0.5 multiple
                   |vulnerabilities             |vulnerabilities; to replace
                   |                            |Mozilla
          Component|mozilla                     |seamonkey
                 CC|                            |michal at harddata.com,
                   |                            |jkeating at redhat.com




------- Additional Comments From deisenst at gtw.net  2006-10-21 02:08 EST -------
Changing component to seamonkey, as this was added yesterday or so to the
Bugzilla system.  Thanks, Jesse!

Kai, we're doing some work in Legacy to help open up access for folks to
be able to build packages in an environment like Fedora Extras has --
eventually down to even using the same build server infrastructure that Extras
now uses.

However, Legacy's current build team for quite a while has had its own
independent build server, which we are still using.  We are in the
process of getting to know how CVS works and more about the details of
building packages in a similar if not nearly identical way that Extras does
it.  I for one am a CVS newbie though.  Legacy folks have been used to
unpacking, repacking, and passing around .src.rpm's for Legacy's QA
activities.

Although we are in the process of migrating to a more extras-like
environment in Legacy, I am not sure how technically far along the
process we are in doing so.  Jesse Keating is the man-in-the-know in
that regard.  I believe Jesse is trying to balance a desire to get 
everything moved to Fedora infrastructure with the fact that there are
a number of people that need to get accustomed to what to us is a new
way of doing things.

Because some other packages in the Fedora Core depend on libraries
provided by Mozilla, and because we are not sure of which and/or how many
Mozilla &c vulnerabilities may lie within the libraries that Mozilla
provides to other packages in Core, I believe we ought to be more interested
in creating replacement packages for Mozilla using seamonkey.  At least
'yelp' and the 'epiphany' browser depend upon Mozilla libraries, but there
may be other packages in Core that do too.

You might be interested in knowing, Kai, that Michal Jaegermann, a Fedora
Legacy contributor, has created a replacement seamonkey srpm package for
FC4.  His email to the fedora-legacy-list about it can be found here:
<http://www.redhat.com/archives/fedora-legacy-list/2006-September/msg00019.html>


Kai, do you have access to Fedora Legacy's cvs?  An example command that I 
was given to access (checkout) a package from that cvs:
   cvs -d :ext:<user>@cvs.fedora.redhat.com:/cvs/legacy co <package>

which should check out the Fedora Core 3 & 4 cvs stuff for <package>.

If you have access, I would welcome your checking in seamonkey 1.0.5
sources and patches and a spec-file there.  After you do that, we can
tweak the spec-file to turn seamonkey into a replacement seamonkey
version for our FC4 and FC3 users.  Then I can build what we've come
up with on Legacy's build server, sign it with the Legacy PGP key, push
it to Legacy's updates-testing repository and ask our legacy folks to
test it.  I certainly will, especially if we can create a FC5 version
of a (replacement) seamonkey while we're at doing these others for FC4
and FC3.

If you don't have access to Legacy's cvs, you can get access by being
added to the 'cvslegacy' group through the Fedora Accounts system,
   <http://fedoraproject.org/wiki/Infrastructure/AccountSystem>.
Jesse Keating will be the one to approve your access there; I would
think that should be no problem.

Does this sound like a plan?  Thoughts / Suggestions anyone?

Thanks!

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.



