Is Firefox a Good Thing?
Christopher Aillon
caillon at redhat.com
Fri Oct 13 20:23:57 UTC 2006
Andy Green wrote:
> Christopher Aillon wrote:
>
>> It is more risky to backport them instead of taking the new versions
>> wholesale. Several of the patches for the critical fixes involve a
>> re-architecture of the way the entire DOM/JS model is handled
>> internally. This means MASSIVE changes which took several architects
>> months to perfect, and it STILL caused 10-20 regressions.
>
> Shouldn't this cause a terrified reassessment of having Firefox in the
> distro at all, given its unique position running as the user (under
> whose credentials, typically, the entire value of the box resides),
> making connections to random addresses and running poorly understood
> local code according to what it finds there?
The kernel has more vulnerabilities[1] than this user-space application
does. Let's reconsider having that in the distro, too.
[1] http://www.redhat.com/magazine/017mar06/features/riskreport/
More information about the fedora-devel-list
mailing list