[opensuse-factory] security update policy
Hi, I'm wondering if there is any internal policy at Novell about security updates for Factory? I just found an example what shouldn't happen: MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Donnerstag 10 Januar 2008 schrieb Wolfgang Rosenauer:
Hi,
I'm wondering if there is any internal policy at Novell about security updates for Factory? I just found an example what shouldn't happen:
MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time.
What Factory are you looking at? I have 2.0.0.10 here Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stephan Kulow wrote:
Am Donnerstag 10 Januar 2008 schrieb Wolfgang Rosenauer:
Hi,
I'm wondering if there is any internal policy at Novell about security updates for Factory? I just found an example what shouldn't happen:
MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time.
What Factory are you looking at? I have 2.0.0.10 here
No, you are looking at Firefox ;-) And even that is old, so what. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Donnerstag 10 Januar 2008 schrieb Wolfgang Rosenauer:
What Factory are you looking at? I have 2.0.0.10 here
No, you are looking at Firefox ;-) That's right, yes.
Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, 2008-01-10 at 20:24 +0100, Wolfgang Rosenauer wrote:
Stephan Kulow wrote:
Am Donnerstag 10 Januar 2008 schrieb Wolfgang Rosenauer:
Hi,
I'm wondering if there is any internal policy at Novell about security updates for Factory? I just found an example what shouldn't happen:
MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time.
Yes, ideally it would be.
What Factory are you looking at? I have 2.0.0.10 here
No, you are looking at Firefox ;-) And even that is old, so what.
It's equivalent to 2.0.0.11, though. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Michael Wolf wrote:
MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time.
Yes, ideally it would be.
That's why I was asking for a policy so that I know it is taken care of and it's just an oversight. It was just an example that I know of but probably there are others.
What Factory are you looking at? I have 2.0.0.10 here No, you are looking at Firefox ;-) And even that is old, so what.
It's equivalent to 2.0.0.11, though.
Yes, agreed. I know that it is. But it still looks outdated from the outside. In my original post I didn't complain about Firefox, did I? The example of Thunderbird was taken because it has known security issues which are fixed already with a newer version. There are no public security patches available for Firefox 2.0.0.11 or 2.0.0.10. So that's the major difference. The goal of that posting was not to blame Thunderbird (or Firefox) but to make sure that someone is actually usually taking care of security related stuff in Factory. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wolfgang Rosenauer schreef:
Hi,
I'm wondering if there is any internal policy at Novell about security updates for Factory? I just found an example what shouldn't happen:
MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time.
Wolfgang
Mozilla/5.0 (X11; U; Linux x86_64; nl; rv:1.8.1.11) Gecko/20071128 SUSE/2.0.0.11-1.7 Firefox/2.0.0.11 is the current factory, if mozilla repo is used.. ;-) (had to add it to solve problems with factory Thunderbird, which is also too old: invalid message-filters..) - -- Have a nice day, M9. Now, is the only time that exists. OS: Linux 2.6.24-rc6-git11-3-default x86_64 Huidige gebruiker: monkey9@tribal-sfn2 Systeem: openSUSE 11.0 (x86_64) Alpha0 KDE: 3.5.8 "release 31" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHhnRxX5/X5X6LpDgRApC7AKDRXi3kjiVJe+u62K/cfmP7QFlwGgCeJP6F h4MGCTc0EUWO21xGUg7ZJX4= =qVjn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, Jan 10, 2008 at 07:50:46PM +0100, Wolfgang Rosenauer wrote:
Hi,
I'm wondering if there is any internal policy at Novell about security updates for Factory? I just found an example what shouldn't happen:
MozillaThunderbird is on version 2.0.0.9 on 10.3-updates while it's still on 2.0.0.6 in Factory. Since in 10.3 it was a security update I wonder why it can be that it's still old in Factory. I would expect a policy that Factory should get necessary updates at around the same time.
Yes, this should be the case. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (5)
-
M9.
-
Marcus Meissner
-
Michael Wolf
-
Stephan Kulow
-
Wolfgang Rosenauer