Need SeaMonkey opinions - [Fwd: [RHSA-2006:0734-01] Critical: seamonkey security update]
Eric Rostetter
rostetter at mail.utexas.edu
Wed Nov 8 17:12:17 UTC 2006
Quoting David Eisenstein <deisenst at gtw.net>:
> There are some old Bugzilla's that had been open for RHL 7.3, RHL 9, FC 1,
> FC 2, and FC 3 for Mozilla. There has been a running discussion (and no
> action -- largely my fault -- sorry!) about how and whether we upgrade
> Mozilla to SeaMonkey so that SeaMonkey becomes a Mozilla replacement (Core)
> package rather than an Extras package on a Bugzilla ticket for SeaMonkey.
> The Bugzilla number is 209167:
> <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167>.
I personally think this would be a good thing. I'd vote for upgrading
from mozilla to seamonkey, as long as we can get people to do the work...
> The advantage of having SeaMonkey do this is that all other packages (such
> as yelp, epiphany, possibly others) will inherit the more secure code from
> SeaMonkey, since they tap into the shared-library (.so) files that SeaMonkey
> would be providing. My understanding then also would be that SeaMonkey is
> meant to be API compatible with Mozilla, so that other programs that depend
> on functions (or objects) in Mozilla's shared-library should continue to
> work okay, possibly without recompilation, but probably requiring
> recompilation and pushing to updates.
We'd need some real good testing for this upgrade of course. But I'm
definately in favor of trying.
> Does anyone have any comments on how you wish the Legacy Project to approach
> this? I favor SeaMonkey as a Mozilla replacement, as it covers all
> vulnerabilities in packages that dynamically link to the shared libraries.
> But perhaps there are other ideas.
I think that going to seamonkey is the logical thing to do for RHL and
early FC releases. Not sure how later FC releases should be handled,
since I don't use them.
Note this is in-line with mozilla.org and redhat.com, and basically is
the "industry standard" upgrade path. So I think we are fully justified
in doing so.
> Since Legacy Mozilla/Firefox/Thunderbird security bugs have been open since
> June (and not worked on), I also advocate that we in Legacy build SeaMonkey
> packages for *all* releases of Fedora Core that we have ever supported
> (since older releases were supported at that time) and RHL 7.3 and RHL 9.
> Does anyone object to that?
Sounds great. I can test them on RHL 7.3, RHl 9 and FC 3 64-bit.
I'm willing to do any installation/functionality testing required on
those versions. Those are the only versions I have access to for
testing.
> What say ye??
Sounds good to me.
> Regards,
> David Eisenstein
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Go Longhorns!
More information about the fedora-legacy-list
mailing list