Mailinglist Archive: opensuse-factory-mozilla (15 mails)
| < Previous | Next > |
Re: [opensuse-factory-mozilla] Fwd: Re: Security issues: How do users, maintainers and developers work together? Second Example: Thunderbird 3.0.6, Firefox 3.6.8
- From: Wolfgang Rosenauer <wolfgang@xxxxxxxxxxxxx>
- Date: Sun, 12 Sep 2010 14:40:04 +0200
- Message-id: <4C8CCA24.60906@xxxxxxxxxxxxx>
Hi,
Am 10.09.2010 16:24, schrieb pistazienfresser (see profile):
You got me during vacation which delayed my answer to that.
So let me describe what usually happens with Firefox and Thunderbird
updates.
The last round of security updates you refer to were published on Sep 7th.
Exactly at that day I've published the updates in my buildservice
mozilla repository which is used by a lot of people. But those are no
official packages as they are just gone through my own "QA" when
published. So there is low risk that they are breaking things (which
would get fixed fast though).
For the official openSUSE updates there is a bigger process to prepare
updates. That process can only begin when Mozilla is publishing their
updates as before that we cannot be sure that they don't delay them
because there are blocker bugs found late.
Packages are prepared at the release day, submitted and built against
the openSUSE base distribution. They get QA and are released when that
is finished. How long this can take varies as for example we needed
another patch to compile Firefox on released distributions which wasn't
noticed before.
There is basically nothing you need to or can do to speed up the release
process for the Mozilla apps. The only thing you can do is to include
the mozilla repository to your package manager. You will get new
versions basically at the same time as Mozilla releases them but you
take a little more risk (which should be really only a little) of
breaking something for a short period of time.
Probably Marcus has more comments on that?
Wolfgang
--
To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory-mozilla+help@xxxxxxxxxxxx
Am 10.09.2010 16:24, schrieb pistazienfresser (see profile):
Hello maintainers of Mozilla programs, hello all,
there seems to be a 'known' security related bug (potential Cross-Site
Scripting Attacks) on several versions of Thunderbird and Firefox. Is it
also known to you (pl.)?
You got me during vacation which delayed my answer to that.
So let me describe what usually happens with Firefox and Thunderbird
updates.
The last round of security updates you refer to were published on Sep 7th.
Exactly at that day I've published the updates in my buildservice
mozilla repository which is used by a lot of people. But those are no
official packages as they are just gone through my own "QA" when
published. So there is low risk that they are breaking things (which
would get fixed fast though).
For the official openSUSE updates there is a bigger process to prepare
updates. That process can only begin when Mozilla is publishing their
updates as before that we cannot be sure that they don't delay them
because there are blocker bugs found late.
Packages are prepared at the release day, submitted and built against
the openSUSE base distribution. They get QA and are released when that
is finished. How long this can take varies as for example we needed
another patch to compile Firefox on released distributions which wasn't
noticed before.
There is basically nothing you need to or can do to speed up the release
process for the Mozilla apps. The only thing you can do is to include
the mozilla repository to your package manager. You will get new
versions basically at the same time as Mozilla releases them but you
take a little more risk (which should be really only a little) of
breaking something for a short period of time.
Probably Marcus has more comments on that?
Wolfgang
--
To unsubscribe, e-mail: opensuse-factory-mozilla+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory-mozilla+help@xxxxxxxxxxxx
| < Previous | Next > |