Joe Sloan wrote:
Basil Chupin wrote:
Joe Sloan wrote:
Basil Chupin wrote:
Wolfgang Woehl wrote:
Freitag, 8. Februar 2008 Aaron Kulkis:
Do you actually understand how silly you sound to anyone who actually understands the Unix and Linux security model.
Hi Aaron, just a short follow-up: see http://nvd.nist.gov/nvd.cfm for stuff about Mozilla Firefox before 2.0.0.12.
opensuse and you and me have 2.0.0.10. Ok, update rule. opensuse will catch up, probably within days, and everything is fine again. There's a gap though. Maybe try and not get phished in the meantime, Aaron?
Which is why I never use FF or TB as provided in openSUSE but always install the ones directly from Mozilla.
I use suse packages whenever available, but out of curiosity, how does installing an unmanaged tarball help?
I don't understand what you mean by "unmanaged"?
It means unmanaged. Suse (like most distros) has a package management system, which carries definite benefits.
Such as?
If you remove the carefully prepared package and replace it with an unpackaged tarball, the package management system knows nothing about it.
Which means...?
If you mean that there is no Suse around to hold your hand in keeping the FF installation going then you need not worry! FF updates itself when Mozilla releases a new upgrade/update/whatever you want to call it. Also, any addons auto-date as well.
My experience has been that the tarballs have rough edges - jagged fonts, lack of certain features that the suse packages have, other little details.
As far as I am aware, suse don't go fooling around with 'jagged fonts' and such. And what do you think are the "certain features" which may be lacking but provided in the suse packages? I am not aware that suse is in the business of re-writing packages such as Firefox or Thunderbird.
I suppose if there were a serious security emergency, you could temporarily run a download install in /usr/local until an updated package is installed.
What you say sounds most reasonable. However, most of the people using a Linux distro are reliant on the distro provider to come up with a 'fixed' version in the form of a RPM or variation. Today, in my part of the world, it is 12 Feb 2008 and there is still no sign of a fixed openSUSE version of Firefox, but on the 8 Feb 2008 I was able to install FF with the security fix to version 2.0.0 12. (Before you, or anyone, notices, I downloaded the fixed FF, according to the file properties in my directory, on 8 Feb but my wife tells me that her copy of FF was auto-updated, 'A couple of days ago I think, I cannot remember exactly when' - meaning that I either downloaded the latest version just before it would have auto-updated or I wasn't paying attention and downloaded it even though I had already allowed it to be upgraded - memory...memory.... :-( .)
Then again, I tend not to go entering my credentials at random URLs included in spam claiming to be from my bank, so it's not exactly an emergency for me.
Which is *almost* the exact the wording used by my friends to justify their inaction, or "devil-may-care" attitude, when I mention security to them about what they use to access the Internet! (I know that I am p*****g against the wind with them, but I keep persisting - have been for years now, but I cannot give up hope. I am a masochist, I admit it.) Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org