Need SeaMonkey opinions - [Fwd: [RHSA-2006:0734-01] Critical: seamonkey security update]

Eric Rostetter rostetter at mail.utexas.edu
Wed Nov 8 17:12:17 UTC 2006 

Quoting David Eisenstein <deisenst at gtw.net>:

> There are some old Bugzilla's that had been open for RHL 7.3, RHL 9, FC 1,
> FC 2, and FC 3 for Mozilla.  There has been a running discussion (and no
> action -- largely my fault -- sorry!) about how and whether we upgrade
> Mozilla to SeaMonkey so that SeaMonkey becomes a Mozilla replacement (Core)
> package rather than an Extras package on a Bugzilla ticket for SeaMonkey.
> The Bugzilla number is 209167:
> <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167>.

I personally think this would be a good thing.  I'd vote for upgrading
from mozilla to seamonkey, as long as we can get people to do the work...

> The advantage of having SeaMonkey do this is that all other packages (such
> as yelp, epiphany, possibly others) will inherit the more secure code from
> SeaMonkey, since they tap into the shared-library (.so) files that SeaMonkey
> would be providing.  My understanding then also would be that SeaMonkey is
> meant to be API compatible with Mozilla, so that other programs that depend
> on functions (or objects) in Mozilla's shared-library should continue to
> work okay, possibly without recompilation, but probably requiring
> recompilation and pushing to updates.

We'd need some real good testing for this upgrade of course.  But I'm
definately in favor of trying.

> Does anyone have any comments on how you wish the Legacy Project to approach
> this?  I favor SeaMonkey as a Mozilla replacement, as it covers all
> vulnerabilities in packages that dynamically link to the shared libraries.
> But perhaps there are other ideas.

I think that going to seamonkey is the logical thing to do for RHL and
early FC releases.  Not sure how later FC releases should be handled,
since I don't use them.

Note this is in-line with mozilla.org and redhat.com, and basically is
the "industry standard" upgrade path.  So I think we are fully justified
in doing so.

> Since Legacy Mozilla/Firefox/Thunderbird security bugs have been open since
> June (and not worked on), I also advocate that we in Legacy build SeaMonkey
> packages for *all* releases of Fedora Core that we have ever supported
> (since older releases were supported at that time) and RHL 7.3 and RHL 9.
> Does anyone object to that?

Sounds great.  I can test them on RHL 7.3, RHl 9 and FC 3 64-bit.
I'm willing to do any installation/functionality testing required on
those versions.  Those are the only versions I have access to for
testing.

> What say ye??

Sounds good to me.

> 	Regards,
> 	David Eisenstein

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!

More information about the fedora-legacy-list mailing list